With Kamailio 5.8 it still crashes. I use in the meantime the bytecode of luajit as KEMI.
<details> <summary>kamailio.cfg</summary> #.x!xKAMAILI2O # *** To enable presence server execute: # - define WITH_PRESENCE # - if modified headers or body in config must be used by presence handling: # - define WITH_MSGREBUILD # # *** To block 3XX redirect replies execute: #!define WITH_BLOCK3XX # # *** To block 401 and 407 authentication replies execute: # - define WITH_BLOCK401407 server_signature=off # force_rport=on # made in routling_logic.lua # local_rport=on log_stderror=yes corelog=-1 /* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */ debug=1
dns_try_ipv6=off dns_retr_time=2 use_dns_failover=on dns_srv_lb=on dns_try_naptr=on dns_cache_flags=1 #next line crashes, unless =on dns_cache_init=on use_dns_cache=on
server_id=2 rundir="/conf"
children=8 enable_sctp = 1 sctp_children = 2 tcp_children = 4 enable_tls=yes listen=tls:144.76.142.78:5061 listen=tcp:144.76.142.78:5060 listen=udp:144.76.142.78:5060 listen=sctp:144.76.142.78:5060
#onsend_route_reply=yes user="kamailio" group="kamailio" real_time = 3 #tcp_defer_accept = 3 #!define DBURLRO "sqlite:///conf/kamailio-ro.db" #!define DBURLRW "sqlite:///conf/kamailio.db" ####### Defined Values #########
# *** Value defines - IDs used later in config # - flags # FLT_ - per transaction (message) flags #!define FLT_ACC 1 #!define FLT_ACCMISSED 2 #!define FLT_ACCFAILED 3 #!define FLT_NATS 5
# FLB_ - per branch flags #!define FLB_NATB 6 #!define FLB_NATSIPPING 7
#!define FLT_DIALOG 10 #!define FLT_SST 11
####### Global Parameters #########
mlock_pages=yes
auto_aliases=no #alias=sip.bapha.be:5060 #alias=sip.bapha.be:5061 #alias=sip.aegee.org:5060 #alias=sip.aegee.org:5061 #alias=mail.aegee.org:5060 #alias=mail.aegee.org:5061
/* life time of TCP connection when there is no traffic * - a bit higher than registration expires to cope with UA behind NAT */ tcp_connection_lifetime=3605 tcp_accept_no_cl=yes #tcp_keepalive=yes tcp_keepcnt=6 tcp_keepidle=60 tcp_keepintvl=10
loadmodule "db_sqlite.so" loadmodule "permissions.so" loadmodule "sctp.so"
loadmodule "enum.so" loadmodule "kex.so" loadmodule "kemix.so" loadmodule "corex.so" loadmodule "tm.so" loadmodule "tmx.so" loadmodule "sl.so" loadmodule "usrloc.so" loadmodule "tls.so" loadmodule "stun.so" loadmodule "outbound.so" loadmodule "rr.so" loadmodule "pv.so" loadmodule "sipdump" loadmodule "dialog.so" loadmodule "sst.so" loadmodule "uac.so" loadmodule "acc.so" loadmodule "maxfwd.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "tcpops.so" # loadmodule "textopsx.so" ## unused loadmodule "siputils.so" loadmodule "xlog.so" loadmodule "sanity.so" loadmodule "nathelper.so" loadmodule "ctl.so" loadmodule "cfg_rpc.so" loadmodule "counters.so" loadmodule "rtpengine.so" loadmodule "auth.so" loadmodule "auth_db.so" loadmodule "alias_db.so" loadmodule "domain.so"
#!ifdef WITH_PRESENCE loadmodule "presence.so" loadmodule "presence_xml.so" #!endif
loadmodule "htable.so" loadmodule "pike.so"
loadmodule "xhttp.so" loadmodule "websocket.so" loadmodule "app_lua.so" loadmodule "statsc.so"
modparam("sipdump", "enable", 1) modparam("sipdump", "mode", 2) modparam("sipdump", "event_callback", "ksr_sipdump_event") #modparam("sipdump", "folder", "/conf")
modparam("auth", "auth_checks_register", 11) modparam("auth", "qop", "auth") modparam("auth", "auth_checks_no_dlg", 9) modparam("auth", "auth_checks_in_dlg", 15) modparam("auth", "qop", "auth") modparam("auth", "use_domain", yes); # modparam("auth", "algorithm", "SHA-256") # gnome-calls does not support algorithm=sha-256 modparam("auth", "add_authinfo_hdr", yes) modparam("permissions", "load_backends", 1) modparam("permissions", "db_url", DBURLRO)
# ----- auth_db params ----- modparam("auth_db", "db_url", DBURLRO) modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("auth_db", "load_credentials", "$avp(credentials)=password") modparam("auth_db", "use_domain", 1)
modparam("dialog", "timeout_avp", "$avp(dlgtimeout)") modparam("dialog", "bridge_controller", "sip:controller@aegee.org") modparam("dialog", "bridge_contact", "sip:controller@144.76.142.78:5060") modparam("dialog", "send_bye", 1) modparam("dialog", "dlg_flag", FLT_DIALOG)
modparam("sst", "timeout_avp", "$avp(dlgtimeout)") modparam("sst", "sst_flag", FLT_SST) modparam("xhttp", "event_callback", "ksr_xhttp_event") modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:1555") modparam("ctl", "binrpc", "unix:/conf/kamailio_ctl") modparam("sanity", "uri_checks", 15) modparam("uac", "restore_passwd", "my_secret_EIA99iatruai") # modparam("uac", "default_socket", "udp:144.76.142.78:5060") modparam("uac", "reg_use_domain", 1) modparam("uac", "reg_db_url", DBURLRO)
# ----- tm params ----- # auto-discard branches from previous serial forking leg modparam("tm", "failure_reply_mode", 3) # default retransmission timeout: 30sec modparam("tm", "fr_timer", 30000) # default invite retransmission timeout after 1xx: 120sec modparam("tm", "fr_inv_timer", 120000)
# ----- rr params ----- # do not append from tag to the RR (no need for this script) modparam("rr", "append_fromtag", 1) modparam("uac", "reg_contact_addr", "mail.aegee.org:5060")
# ----- registrar params ----- # modparam("registrar", "method_filtering", 1) modparam("registrar", "retry_after", 30) modparam("registrar", "max_contacts", 10) modparam("registrar", "max_expires", 3600) modparam("registrar", "use_path", 1) # modparam("registrar", "realm_prefix", "sip.")
# ----- usrloc params ----- modparam("usrloc", "timer_interval", 60) modparam("usrloc", "timer_procs", 1) modparam("usrloc", "use_domain", 1) modparam("usrloc", "preload", "location") modparam("usrloc", "xavp_contact", "uladdrs") # modparam("usrloc", "db_url", DBURLRW) # modparam("usrloc", "db_mode", 1)
# ----- alias_db params ----- modparam("alias_db", "db_url", DBURLRO) modparam("alias_db", "use_domain", 1) modparam("alias_db", "append_branches", 1) # modparam("alias_db", "domain_prefix", "sip.")
# ----- domain params ----- modparam("domain", "db_url", DBURLRO) /* register callback to match myself condition with domains list */ modparam("domain", "register_myself", 1)
#!ifdef WITH_PRESENCE # ----- presence params ----- # modparam("presence", "db_url", DBURLRW)
# ----- presence_xml params ----- # modparam("presence_xml", "db_url", DBURL) modparam("presence_xml", "force_active", 1) #!endif
#modparam("nathelper", "natping_interval", 5) modparam("nathelper", "natping_interval", 30) # has to be few times higher than natping_interval modparam("nathelper", "keepalive_timeout", 60) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "sipping_bflag", FLB_NATSIPPING) modparam("nathelper", "sipping_from", "sip:pinger@aegee.org")
# params needed for NAT traversal in other modules modparam("nathelper", "received_avp", "$avp(RECEIVED)") modparam("registrar", "received_avp", "$avp(RECEIVED)") modparam("usrloc", "nat_bflag", FLB_NATB)
modparam("tls", "config", "/conf/tls.cfg") modparam("tls", "send_close_notify", 1) modparam("tls", "tls_method", "TLSv1.2+")
modparam("pike", "sampling_time_unit", 2) modparam("pike", "reqs_density_per_unit", 16) modparam("pike", "remove_latency", 4)
/* ip ban htable with autoexpire after 5 minutes */ modparam("htable", "htable", "ipban=>size=8;autoexpire=300;") # modparam("htable", "db_url", DBURLRO) #modparam("htable", "htable", "users=>size=8;dbtable=htable_users;") modparam("htable", "htable", "users=>size=8;autoexpire=7200;") modparam("websocket", "keepalive_mechanism", 1) modparam("websocket", "keepalive_timeout", 3)
modparam("tcpops", "closed_event", 2) modparam("tcpops", "event_callback", "ksr_tcpops_event") modparam("app_lua", "load", "/conf/routing_logic.luajit.bc") # modparam("app_lua", "load", "/conf/routing_logic.lua54.bc") cfgengine "lua" </details>
<details> <summary>routing_logic.luajit</summary> band = bit.band -- global variables corresponding to defined values (flags) in kamailio.cfg FLT_ACC = 1 FLT_ACCMISSED = 2 FLT_ACCFAILED = 3 FLT_NATS = 5
FLB_NATB = 6 FLB_NATSIPPING = 7 FLT_DIALOG=10 FLT_SST=11
PW_DISALLOW_CALL_FROM_UNAUTHENTICATED = 1 PW_DISALLOW_CALL_FROM_ANONYMOUS = 2 PW_FORCE_TLS_TO_SERVER = 4 PW_FORCE_SRTP_TO_SERVER = 8 PW_END_TO_END_ENCRYPTION_TLS = 16 PW_END_TO_END_ENCRYPTION_SRTP = 32 PW_ASYMMETRIC = 64 -- max = 32 + 16 + 1 + 2 = 48 + 3 = 51 -- perhaps small letter for non-symmetric NAT, with "{" and "~" or "}" as last characters.
function pw_prop(password) if string.sub(password, 2, 2) ~= '0' then return -1 end local p, ret = string.byte(string.sub(password, 1, 1)) - 65, 0 if p > 32 then ret = PW_ASYMMETRIC p = p - 32 end if p == 28 then p = 27 end if band(p, PW_DISALLOW_CALL_FROM_UNAUTHENTICATED) ~= 0 then ret = ret + PW_DISALLOW_CALL_FROM_UNAUTHENTICATED end if band(p, PW_DISALLOW_CALL_FROM_ANONYMOUS) ~= 0 then ret = ret + PW_DISALLOW_CALL_FROM_ANONYMOUS end if band(p, PW_END_TO_END_ENCRYPTION_TLS) ~= 0 then p = p - PW_FORCE_TLS_TO_SERVER - PW_FORCE_SRTP_TO_SERVER if band(p, PW_FORCE_TLS_TO_SERVER) ~= 0 then ret = ret + PW_END_TO_END_ENCRYPTION_TLS end if band(p, PW_FORCE_SRTP_TO_SERVER) ~= 0 then ret = ret + PW_END_TO_END_ENCRYPTION_SRTP end else if band(p, PW_FORCE_TLS_TO_SERVER) ~= 0 then ret = ret + PW_FORCE_TLS_TO_SERVER end if band(p, PW_FORCE_SRTP_TO_SERVER) ~= 0 then ret = ret + PW_FORCE_SRTP_TO_SERVER end end return ret end
function ksr_request_route() -- if KSR.kx.ifdef('WITH_BLOCK3XX') then -- KSR.err('WITH_BLOCK3xx is defined\n') -- else -- KSR.err('WITH_BLOCK3xx is NOT defined\n') -- end
-- per request initial checks KSR.set_reply_no_connect() -- enforce symmetric signaling -- send back replies to the source address of request KSR.force_rport() if not KSR.is_myself_srcip() then local srcip = KSR.kx.get_srcip() if KSR.htable.sht_match_name("ipban", "eq", srcip) > 0 then -- ip is already blocked KSR.dbg("request from blocked IP - " .. KSR.kx.get_method() .. " from " .. KSR.kx.get_furi() .. " (IP:" .. srcip .. ":" .. KSR.kx.get_srcport() .. ")\n") KSR.x.exit() end if KSR.pike.pike_check_req() < 0 then KSR.err("ALERT: pike blocking " .. KSR.kx.get_method() .. " from " .. KSR.kx.get_furi() .. " (IP:" .. srcip .. ":" .. KSR.kx.get_srcport() .. ")\n") KSR.htable.sht_seti("ipban", srcip, 1) KSR.x.exit() end end
local ua = KSR.kx.gete_ua() if string.find(ua, "friendly") or string.find(ua, "scanner") or string.find(ua, "sipcli") or string.find(ua, "sipvicious") or string.find(ua, "VaxSIPUserAgent") or string.find(ua, "pplsip") then KSR.sl.sl_send_reply(200, "OK") KSR.x.exit() end
if KSR.maxfwd.process_maxfwd(10) < 0 then KSR.sl.sl_send_reply(483, "Too Many Hops") KSR.x.exit() end
if KSR.is_OPTIONS() and KSR.is_myself_ruri() and KSR.corex.has_ruri_user() < 0 then KSR.sl.sl_send_reply(200, "Keepalive") KSR.x.exit() end -- 7 = 1 + 2 +4 --17898 - 16384 - 1024 - 256 - 128 - 64 - 32 -8-2 --127 - malformed -- bez 4
if KSR.sanity.sanity_check(17896, 0)<0 then KSR.err("malformed SIP message from " .. KSR.kx.get_srcip() .. ":" .. KSR.kx.get_srcport() .."\n") KSR.x.exit() end if string.lower(KSR.kx.get_rhost() or "") == "mail.aegee.org" then KSR.sethost("aegee.org") end
-- if KSR.is_REGISTER() and KSR.is_UDP() then -- KSR.sl.sl_send_reply(404, "Do not REGISTER over UDP") -- return 1 -- end -- NAT detection if KSR.nathelper.nat_uac_test(19+64)>0 then if KSR.is_REGISTER() then KSR.nathelper.fix_nated_register() elseif KSR.is_WSX() then if KSR.nathelper.add_contact_alias() < 0 then KSR.sl.sl_send_reply(400, "Bad Request") KSR.x.exit() end elseif KSR.siputils.is_first_hop()>0 then KSR.nathelper.set_contact_alias() end KSR.setflag(FLT_NATS) end
-- CANCEL processing if KSR.is_CANCEL() then if KSR.tm.t_check_trans()>0 and KSR.tm.t_relay()<0 then KSR.sl.sl_reply_error() end KSR.x.exit() return 1 end -- handle retransmissions if not KSR.is_ACK() then if KSR.tmx.t_precheck_trans()>0 then KSR.tm.t_check_trans() return 1 end if KSR.tm.t_check_trans()==0 then return 1 end end -- handle requests within SIP dialogs if KSR.siputils.has_totag()>0 then -- sequential request within a dialog should take the path determined by record-routing if KSR.rr.loose_route()>0 then -- URI update for dialog requests if not KSR.isdsturiset() then KSR.nathelper.handle_ruri_alias() end
if KSR.is_BYE() then KSR.setflag(FLT_ACC) -- do accounting ... KSR.setflag(FLT_ACCFAILED) -- ... even if the transaction fails elseif KSR.is_ACK() then -- ACK is forwarded statelessly ksr_route_natmanage() elseif KSR.is_NOTIFY() then -- Add Record-Route for in-dialog NOTIFY as per RFC 6665. KSR.rr.record_route() end ksr_route_relay() KSR.x.exit() end if KSR.is_ACK() then if KSR.tm.t_check_trans() >0 and KSR.tm.t_relay()<0 then -- no loose-route, but stateful ACK -- must be an ACK after a 487 -- or e.g. 404 from upstream server KSR.sl.sl_reply_error() end KSR.x.exit() end KSR.sl.sl_send_reply(404, "Not here") KSR.x.exit() end -- only initial requests (no To tag)
-- authentication -- IP authorization and user authentication local is_register = KSR.is_REGISTER() if is_register or KSR.is_myself_furi() then -- authenticate requests local fhost = KSR.kx.gete_fhost() local turi = KSR.kx.get_turi() if string.lower(fhost) == "mail.aegee.org" then fhost = "aegee.org" turi = KSR.kx.gete_tuser() .. '@aegee.org' end if string.lower(string.sub(turi, 1, 4)) == 'sip:' then turi = string.sub(turi, 5) elseif string.lower(string.sub(turi, 1, 5)) == 'sips:' then turi = string.sub(turi, 6) end if KSR.auth_db.auth_check(fhost, "subscriber", 1)<0 then KSR.auth.auth_challenge(fhost, 0) KSR.x.exit() end local pw_props = pw_prop(KSR.pv.gete('$avp(credentials)')) if is_register then KSR.htable.sht_seti("users", turi, pw_props) KSR.tcpops.tcp_keepalive_enable(60, 5, 5) if KSR.is_TLS() then KSR.tcpops.tcp_enable_closed_event() end if ( band(pw_props, PW_FORCE_TLS_TO_SERVER) ~= 0 ) and not KSR.is_TLS() and not KSR.is_WSX() then KSR.sl.sl_send_reply(404, "Use TLS!") KSR.x.exit() end elseif KSR.is_INVITE() then end
-- user authenticated - remove auth header if not KSR.is_method_in("RP") then KSR.auth.consume_credentials() end else -- validate IP address of caller (carrier) KSR.err('FOREIGN FURI SRCURI ' .. KSR.kx.get_srcip() .. ':' .. KSR.kx.get_srcport() .. '\n') if KSR.permissions.allow_source_address_group() > -1 then -- KSR.err('KNOWN SOURCE IP\n') else -- KSR.err('XXX UNKNOWN SOURCE IP\n') end end if not KSR.is_method_in("RS") then KSR.setflag(FLT_DIALOG) KSR.setflag(FLT_SST) end -- if caller is not local subscriber, then check if it calls a local destination, otherwise deny, not an open relay here if not (KSR.is_myself_furi() or KSR.is_myself_ruri()) then KSR.sl.sl_send_reply(403, "Not relaying") KSR.x.exit() end -- record routing for dialog forming requests (in case they are routed) -- - remove preloaded route headers KSR.hdr.remove("Route") if KSR.is_method_in("ISR") then KSR.rr.record_route() if KSR.is_method_in("IR") then if KSR.is_INVITE() then KSR.setflag(FLT_ACC) -- do accounting end end end
-- dispatch requests to foreign domains -- Routing to foreign domains ksr_route_sipout()
-- requests for my local domains
-- handle registrations if KSR.is_REGISTER() then if KSR.isflagset(FLT_NATS) then KSR.err('FLT_NATS IS set\n') KSR.setbflag(FLB_NATB) -- do SIP NAT pinging -- KSR.setbflag(FLB_NATSIPPING) else KSR.err('FLT_NATS is NOT SET\n') end if string.lower(KSR.kx.get_fhost()) == "mail.aegee.org" then if KSR.registrar.save_uri("location", 0, "sip:" .. KSR.kx.get_fuser() .. "@aegee.org") <0 then KSR.sl.sl_reply_error() end else if KSR.registrar.save("location", 0) <0 then KSR.sl.sl_reply_error() end end KSR.x.exit() end
if KSR.corex.has_ruri_user() < 0 then -- request with no Username in RURI KSR.sl.sl_send_reply(484, "Address Incomplete") return 1 end
KSR.alias_db.lookup("dbaliases") -- user location service KSR.err('LOOKING FOR ' .. KSR.kx.get_ruser() .. '\n')
local callee_properties, caller_properties = 0, 0 if KSR.is_INVITE() then if KSR.is_myself_ruri() then local rhost = KSR.kx.gete_rhost() if rhost == 'mail.aegee.org' then rhost = 'aegee.org' end local callee = KSR.kx.gete_ruser() .. '@' .. rhost local n = KSR.htable.sht_gete("users", KSR.kx.gete_ruser() .. '@' .. rhost) if n ~= "" then callee_properties = n end end if KSR.is_myself_furi() then local fhost = KSR.kx.gete_fhost() if fhost == 'mail.aegee.org' then fhost = 'aegee.org' end local caller = KSR.kx.gete_fuser() .. '@' .. fhost local n = KSR.htable.sht_gete("users", KSR.kx.gete_fuser() .. '@' .. fhost) if n ~= "" then caller_properties = n end KSR.err('caller props = ' .. caller_properties .. '\n') if band(caller_properties, PW_FORCE_TLS_TO_SERVER) ~= 0 and not KSR.is_TLS() and not KSR.is_WSX() then KSR.sl.sl_send_reply(404, "Use TLS!") KSR.x.exit() end end end
local rc if KSR.kx.gete_rhost() == "mail.aegee.org" then rc = KSR.registrar.lookup_uri("location", "sip:" .. KSR.kx.get_ruser() .. "@aegee.org") else rc = KSR.registrar.lookup("location") end
KSR.err('LOOKUP RESULT ' .. KSR.kx.get_ruri() .. '\n') if rc<0 and KSR.is_myself_ruri() then KSR.tm.t_newtran() if rc==-1 or rc==-3 then KSR.sl.send_reply(404, "Not Found") KSR.x.exit() elseif rc==-2 then KSR.sl.send_reply(405, "Method Not Allowed") KSR.x.exit() end end -- when routing via usrloc, log the missed calls also if KSR.is_INVITE() then KSR.setflag(FLT_ACCMISSED) end
ksr_route_relay() KSR.x.exit() end
-- wrapper around tm relay function function ksr_route_relay() -- enable additional event routes for forwarded requests -- - serial forking, RTP relaying handling, a.s.o. if KSR.is_method_in("IBSU") then if KSR.tm.t_is_set("branch_route")<0 then KSR.tm.t_on_branch("ksr_branch_manage") end if KSR.is_method_in("ISU") and KSR.tm.t_is_set("onreply_route")<0 then KSR.tm.t_on_reply("ksr_onreply_manage") end end
if KSR.is_INVITE() then if KSR.tm.t_is_set("failure_route")<0 then KSR.tm.t_on_failure("ksr_failure_manage") end end if KSR.tm.t_relay()<0 then KSR.sl.sl_reply_error() end KSR.x.exit() end
-- RTPEngine control function ksr_route_natmanage() local isrequest = KSR.siputils.is_request() > 0 if isrequest and KSR.siputils.has_totag()>0 and KSR.rr.check_route_param("nat=yes")>0 then KSR.setbflag(FLB_NATB) end if not (KSR.isflagset(FLT_NATS) or KSR.isbflagset(FLB_NATB)) then KSR.err('ksr_route_natmanage: NATS FLAGS NOT set\n') return 1 end
KSR.err('ksr_route_natmanage: NATS FLAGS SET\n') local no_srtp = KSR.kx.get_rhost() == 'sip.nemox.net' and " RTP" or "" -- pad-crypto -- KSR.err("USER AGENT" .. KSR.pv.gete("$xavp(uladdrs)") .. '\n') local useragent = KSR.hdr.gete("User-Agent") if string.find(useragent, "JsSIP") or string.find(useragent, "SIP.js") then no_srtp = no_srtp .. " rtcp-mux-accept" end if KSR.nathelper.nat_uac_test(8) > 0 then KSR.rtpengine.rtpengine_manage("replace-session-connection replace-origin SDES-pad SIP-source-address" .. no_srtp) else KSR.rtpengine.rtpengine_manage("replace-session-connection replace-origin SDES-pad" .. no_srtp) end if isrequest and KSR.siputils.has_totag()<0 and KSR.tmx.t_is_branch_route()>0 then KSR.rr.add_rr_param(";nat=yes") elseif not isrequest and KSR.siputils.is_reply()>0 and KSR.isbflagset(FLB_NATB) then KSR.nathelper.set_contact_alias() end return 1 end
-- Manage outgoing branches -- equivalent of branch_route[...]{} function ksr_branch_manage() KSR.dbg("new branch [".. KSR.pv.get("$T_branch_idx") .. "] to " .. KSR.kx.get_ruri() .. "\n") ksr_route_natmanage() return 1 end
-- Manage incoming replies function ksr_onreply_manage() local scode = KSR.kx.get_status() if scode>100 and scode<299 then ksr_route_natmanage() end return 1 end
-- Manage failure routing cases equivalent of failure_route[...]{} function ksr_failure_manage() ksr_route_natmanage() -- if KSR.tm.t_is_canceled()>0 then return 1; end return 1 end
-- SIP response handling -- equivalent of reply_route{} function ksr_reply_route() if KSR.sanity.sanity_check(17604, 6)<0 then KSR.err("malformed SIP response from " .. KSR.kx.get_srcip() .. ":" .. KSR.kx.get_srcport() .."\n") KSR.x.drop() end return 1 end
-- Routing to foreign domains function ksr_route_sipout() local first=string.sub(KSR.kx.gete_ruser(), 1, 1) if first == '+' or first == '0' then local y = KSR.enum.enum_query() KSR.err('ENUM RESULT ' .. tostring(y) .. ' :RURI ' .. KSR.kx.get_ruri() .. '\n') if y == -1 and (not KSR.is_myself_furi() or KSR.kx.get_fuser() == 'online') then KSR.sl.sl_send_reply(403, "Aliens not served here.") KSR.x.exit() end end if KSR.is_myself_ruri() then return 1; end KSR.hdr.append("P-Hint: outbound\r\n"); ksr_route_relay(); KSR.x.exit(); end
function ksr_sipdump_event(evname) local dst_port, dst_ip, src_port, src_ip = KSR.pv.gete("$sipdump(dst_port)"), KSR.sipdump.get_dst_ip(), KSR.pv.gete("$sipdump(src_port)"), KSR.sipdump.get_src_ip() if (dst_ip == "144.76.142.78" and src_ip == "144.76.142.78") or not ((dst_port == 5060 and dst_ip == "144.76.142.78") or (src_port == 5060 and src_ip == "144.76.142.78")) then KSR.err("sipdump " .. evname .. " src " .. src_ip .. ':' .. src_port .. " dst " .. dst_ip .. ':' .. dst_port .. "\n" .. KSR.pv.gete("$sipdump(buf)") .. "\n") end return 1 end
-- event callback function implemented in Lua function ksr_xhttp_event(evname) KSR.set_reply_close() KSR.set_reply_no_connect() if KSR.kx.get_srcip() ~= '144.76.142.78' then -- if KSR.pv.gete("$Rp") ~= 8080 then KSR.xhttp.xhttp_reply("403", "Forbidden", "text/plain", "Plan B2." .. KSR.kx.get_srcip()) KSR.x.exit() end if string.lower(KSR.hdr.gete("Upgrade")) == "websocket" and string.find(string.lower(KSR.hdr.gete("Connection")), "upgrade") ~= nil and string.upper(KSR.kx.get_method()) == "GET" then local host = KSR.hdr.get("Host") if host == nil then --or not KSR.is_myself("sip:" .. host) then KSR.xhttp.xhttp_reply("403", "Forbidden", "text/plain", "Plan B3.") KSR.x.exit() end if KSR.websocket.handle_handshake() > 0 then KSR.x.exit() end end KSR.err("===== xhttp 1 module triggered event: " .. evname .. "\n") KSR.xhttp.xhttp_reply("200", "OK", "text/html", "<html><body>OK - [" .. KSR.pv.gete("$si") .. ":" .. KSR.pv.gete("$sp") .. "]</body></html>") return 1 end
function ksr_tcpops_event(evname) KSR.info("===== tcpops module triggered event: " .. evname .. " Source IP " .. KSR.pv.gete("$si") .. " Source port " .. KSR.pv.gete("$sp") .. "\n") return 1 end </details>