With Kamailio 5.8 it still crashes. I use in the meantime the bytecode of luajit as
KEMI.
<details>
<summary>kamailio.cfg</summary>
#.x!xKAMAILI2O
# *** To enable presence server execute:
# - define WITH_PRESENCE
# - if modified headers or body in config must be used by presence handling:
# - define WITH_MSGREBUILD
#
# *** To block 3XX redirect replies execute:
#!define WITH_BLOCK3XX
#
# *** To block 401 and 407 authentication replies execute:
# - define WITH_BLOCK401407
server_signature=off
# force_rport=on # made in routling_logic.lua
# local_rport=on
log_stderror=yes
corelog=-1
/* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */
debug=1
dns_try_ipv6=off
dns_retr_time=2
use_dns_failover=on
dns_srv_lb=on
dns_try_naptr=on
dns_cache_flags=1
#next line crashes, unless =on
dns_cache_init=on
use_dns_cache=on
server_id=2
rundir="/conf"
children=8
enable_sctp = 1
sctp_children = 2
tcp_children = 4
enable_tls=yes
listen=tls:144.76.142.78:5061
listen=tcp:144.76.142.78:5060
listen=udp:144.76.142.78:5060
listen=sctp:144.76.142.78:5060
#onsend_route_reply=yes
user="kamailio"
group="kamailio"
real_time = 3
#tcp_defer_accept = 3
#!define DBURLRO "sqlite:///conf/kamailio-ro.db"
#!define DBURLRW "sqlite:///conf/kamailio.db"
####### Defined Values #########
# *** Value defines - IDs used later in config
# - flags
# FLT_ - per transaction (message) flags
#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_NATS 5
# FLB_ - per branch flags
#!define FLB_NATB 6
#!define FLB_NATSIPPING 7
#!define FLT_DIALOG 10
#!define FLT_SST 11
####### Global Parameters #########
mlock_pages=yes
auto_aliases=no
#alias=sip.bapha.be:5060
#alias=sip.bapha.be:5061
#alias=sip.aegee.org:5060
#alias=sip.aegee.org:5061
#alias=mail.aegee.org:5060
#alias=mail.aegee.org:5061
/* life time of TCP connection when there is no traffic
* - a bit higher than registration expires to cope with UA behind NAT */
tcp_connection_lifetime=3605
tcp_accept_no_cl=yes
#tcp_keepalive=yes
tcp_keepcnt=6
tcp_keepidle=60
tcp_keepintvl=10
loadmodule "db_sqlite.so"
loadmodule "permissions.so"
loadmodule "sctp.so"
loadmodule "enum.so"
loadmodule "kex.so"
loadmodule "kemix.so"
loadmodule "corex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "usrloc.so"
loadmodule "tls.so"
loadmodule "stun.so"
loadmodule "outbound.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "sipdump"
loadmodule "dialog.so"
loadmodule "sst.so"
loadmodule "uac.so"
loadmodule "acc.so"
loadmodule "maxfwd.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "tcpops.so"
# loadmodule "textopsx.so" ## unused
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "nathelper.so"
loadmodule "ctl.so"
loadmodule "cfg_rpc.so"
loadmodule "counters.so"
loadmodule "rtpengine.so"
loadmodule "auth.so"
loadmodule "auth_db.so"
loadmodule "alias_db.so"
loadmodule "domain.so"
#!ifdef WITH_PRESENCE
loadmodule "presence.so"
loadmodule "presence_xml.so"
#!endif
loadmodule "htable.so"
loadmodule "pike.so"
loadmodule "xhttp.so"
loadmodule "websocket.so"
loadmodule "app_lua.so"
loadmodule "statsc.so"
modparam("sipdump", "enable", 1)
modparam("sipdump", "mode", 2)
modparam("sipdump", "event_callback", "ksr_sipdump_event")
#modparam("sipdump", "folder", "/conf")
modparam("auth", "auth_checks_register", 11)
modparam("auth", "qop", "auth")
modparam("auth", "auth_checks_no_dlg", 9)
modparam("auth", "auth_checks_in_dlg", 15)
modparam("auth", "qop", "auth")
modparam("auth", "use_domain", yes);
# modparam("auth", "algorithm", "SHA-256") # gnome-calls
does not support algorithm=sha-256
modparam("auth", "add_authinfo_hdr", yes)
modparam("permissions", "load_backends", 1)
modparam("permissions", "db_url", DBURLRO)
# ----- auth_db params -----
modparam("auth_db", "db_url", DBURLRO)
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials",
"$avp(credentials)=password")
modparam("auth_db", "use_domain", 1)
modparam("dialog", "timeout_avp", "$avp(dlgtimeout)")
modparam("dialog", "bridge_controller",
"sip:controller@aegee.org")
modparam("dialog", "bridge_contact",
"sip:controller@144.76.142.78:5060")
modparam("dialog", "send_bye", 1)
modparam("dialog", "dlg_flag", FLT_DIALOG)
modparam("sst", "timeout_avp", "$avp(dlgtimeout)")
modparam("sst", "sst_flag", FLT_SST)
modparam("xhttp", "event_callback", "ksr_xhttp_event")
modparam("rtpengine", "rtpengine_sock",
"udp:127.0.0.1:1555")
modparam("ctl", "binrpc", "unix:/conf/kamailio_ctl")
modparam("sanity", "uri_checks", 15)
modparam("uac", "restore_passwd", "my_secret_EIA99iatruai")
# modparam("uac", "default_socket",
"udp:144.76.142.78:5060")
modparam("uac", "reg_use_domain", 1)
modparam("uac", "reg_db_url", DBURLRO)
# ----- tm params -----
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 30sec
modparam("tm", "fr_timer", 30000)
# default invite retransmission timeout after 1xx: 120sec
modparam("tm", "fr_inv_timer", 120000)
# ----- rr params -----
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 1)
modparam("uac", "reg_contact_addr", "mail.aegee.org:5060")
# ----- registrar params -----
# modparam("registrar", "method_filtering", 1)
modparam("registrar", "retry_after", 30)
modparam("registrar", "max_contacts", 10)
modparam("registrar", "max_expires", 3600)
modparam("registrar", "use_path", 1)
# modparam("registrar", "realm_prefix", "sip.")
# ----- usrloc params -----
modparam("usrloc", "timer_interval", 60)
modparam("usrloc", "timer_procs", 1)
modparam("usrloc", "use_domain", 1)
modparam("usrloc", "preload", "location")
modparam("usrloc", "xavp_contact", "uladdrs")
# modparam("usrloc", "db_url", DBURLRW)
# modparam("usrloc", "db_mode", 1)
# ----- alias_db params -----
modparam("alias_db", "db_url", DBURLRO)
modparam("alias_db", "use_domain", 1)
modparam("alias_db", "append_branches", 1)
# modparam("alias_db", "domain_prefix", "sip.")
# ----- domain params -----
modparam("domain", "db_url", DBURLRO)
/* register callback to match myself condition with domains list */
modparam("domain", "register_myself", 1)
#!ifdef WITH_PRESENCE
# ----- presence params -----
# modparam("presence", "db_url", DBURLRW)
# ----- presence_xml params -----
# modparam("presence_xml", "db_url", DBURL)
modparam("presence_xml", "force_active", 1)
#!endif
#modparam("nathelper", "natping_interval", 5)
modparam("nathelper", "natping_interval", 30)
# has to be few times higher than natping_interval
modparam("nathelper", "keepalive_timeout", 60)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
modparam("nathelper", "sipping_from",
"sip:pinger@aegee.org")
# params needed for NAT traversal in other modules
modparam("nathelper", "received_avp", "$avp(RECEIVED)")
modparam("registrar", "received_avp", "$avp(RECEIVED)")
modparam("usrloc", "nat_bflag", FLB_NATB)
modparam("tls", "config", "/conf/tls.cfg")
modparam("tls", "send_close_notify", 1)
modparam("tls", "tls_method", "TLSv1.2+")
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)
/* ip ban htable with autoexpire after 5 minutes */
modparam("htable", "htable",
"ipban=>size=8;autoexpire=300;")
# modparam("htable", "db_url", DBURLRO)
#modparam("htable", "htable",
"users=>size=8;dbtable=htable_users;")
modparam("htable", "htable",
"users=>size=8;autoexpire=7200;")
modparam("websocket", "keepalive_mechanism", 1)
modparam("websocket", "keepalive_timeout", 3)
modparam("tcpops", "closed_event", 2)
modparam("tcpops", "event_callback", "ksr_tcpops_event")
modparam("app_lua", "load",
"/conf/routing_logic.luajit.bc")
# modparam("app_lua", "load",
"/conf/routing_logic.lua54.bc")
cfgengine "lua"
</details>
<details>
<summary>routing_logic.luajit</summary>
band = bit.band
-- global variables corresponding to defined values (flags) in kamailio.cfg
FLT_ACC = 1
FLT_ACCMISSED = 2
FLT_ACCFAILED = 3
FLT_NATS = 5
FLB_NATB = 6
FLB_NATSIPPING = 7
FLT_DIALOG=10
FLT_SST=11
PW_DISALLOW_CALL_FROM_UNAUTHENTICATED = 1
PW_DISALLOW_CALL_FROM_ANONYMOUS = 2
PW_FORCE_TLS_TO_SERVER = 4
PW_FORCE_SRTP_TO_SERVER = 8
PW_END_TO_END_ENCRYPTION_TLS = 16
PW_END_TO_END_ENCRYPTION_SRTP = 32
PW_ASYMMETRIC = 64
-- max = 32 + 16 + 1 + 2 = 48 + 3 = 51
-- perhaps small letter for non-symmetric NAT, with "{" and "~" or
"}" as last characters.
function pw_prop(password)
if string.sub(password, 2, 2) ~= '0' then return -1 end
local p, ret = string.byte(string.sub(password, 1, 1)) - 65, 0
if p > 32 then
ret = PW_ASYMMETRIC
p = p - 32
end
if p == 28 then p = 27 end
if band(p, PW_DISALLOW_CALL_FROM_UNAUTHENTICATED) ~= 0 then ret = ret +
PW_DISALLOW_CALL_FROM_UNAUTHENTICATED end
if band(p, PW_DISALLOW_CALL_FROM_ANONYMOUS) ~= 0 then ret = ret +
PW_DISALLOW_CALL_FROM_ANONYMOUS end
if band(p, PW_END_TO_END_ENCRYPTION_TLS) ~= 0 then
p = p - PW_FORCE_TLS_TO_SERVER - PW_FORCE_SRTP_TO_SERVER
if band(p, PW_FORCE_TLS_TO_SERVER) ~= 0 then ret = ret + PW_END_TO_END_ENCRYPTION_TLS
end
if band(p, PW_FORCE_SRTP_TO_SERVER) ~= 0 then ret = ret +
PW_END_TO_END_ENCRYPTION_SRTP end
else
if band(p, PW_FORCE_TLS_TO_SERVER) ~= 0 then ret = ret + PW_FORCE_TLS_TO_SERVER end
if band(p, PW_FORCE_SRTP_TO_SERVER) ~= 0 then ret = ret + PW_FORCE_SRTP_TO_SERVER end
end
return ret
end
function ksr_request_route()
-- if KSR.kx.ifdef('WITH_BLOCK3XX') then
-- KSR.err('WITH_BLOCK3xx is defined\n')
-- else
-- KSR.err('WITH_BLOCK3xx is NOT defined\n')
-- end
-- per request initial checks
KSR.set_reply_no_connect()
-- enforce symmetric signaling
-- send back replies to the source address of request
KSR.force_rport()
if not KSR.is_myself_srcip() then
local srcip = KSR.kx.get_srcip()
if KSR.htable.sht_match_name("ipban", "eq", srcip)
> 0 then
-- ip is already blocked
KSR.dbg("request from blocked IP - " ..
KSR.kx.get_method() .. " from " .. KSR.kx.get_furi() .. " (IP:" ..
srcip .. ":" .. KSR.kx.get_srcport() .. ")\n")
KSR.x.exit()
end
if KSR.pike.pike_check_req() < 0 then
KSR.err("ALERT: pike blocking " .. KSR.kx.get_method()
.. " from " .. KSR.kx.get_furi() .. " (IP:" .. srcip .. ":"
.. KSR.kx.get_srcport() .. ")\n")
KSR.htable.sht_seti("ipban", srcip, 1)
KSR.x.exit()
end
end
local ua = KSR.kx.gete_ua()
if string.find(ua, "friendly") or string.find(ua, "scanner")
or string.find(ua, "sipcli") or string.find(ua, "sipvicious") or
string.find(ua, "VaxSIPUserAgent") or string.find(ua, "pplsip") then
KSR.sl.sl_send_reply(200, "OK")
KSR.x.exit()
end
if KSR.maxfwd.process_maxfwd(10) < 0 then
KSR.sl.sl_send_reply(483, "Too Many Hops")
KSR.x.exit()
end
if KSR.is_OPTIONS() and KSR.is_myself_ruri() and KSR.corex.has_ruri_user() < 0
then
KSR.sl.sl_send_reply(200, "Keepalive")
KSR.x.exit()
end
-- 7 = 1 + 2 +4
--17898 - 16384 - 1024 - 256 - 128 - 64 - 32 -8-2
--127 - malformed
-- bez 4
if KSR.sanity.sanity_check(17896, 0)<0 then
KSR.err("malformed SIP message from " .. KSR.kx.get_srcip() ..
":" .. KSR.kx.get_srcport() .."\n")
KSR.x.exit()
end
if string.lower(KSR.kx.get_rhost() or "") == "mail.aegee.org"
then
KSR.sethost("aegee.org")
end
-- if KSR.is_REGISTER() and KSR.is_UDP() then
-- KSR.sl.sl_send_reply(404, "Do not REGISTER over UDP")
-- return 1
-- end
-- NAT detection
if KSR.nathelper.nat_uac_test(19+64)>0 then
if KSR.is_REGISTER() then
KSR.nathelper.fix_nated_register()
elseif KSR.is_WSX() then
if KSR.nathelper.add_contact_alias() < 0 then
KSR.sl.sl_send_reply(400, "Bad Request")
KSR.x.exit()
end
elseif KSR.siputils.is_first_hop()>0 then
KSR.nathelper.set_contact_alias()
end
KSR.setflag(FLT_NATS)
end
-- CANCEL processing
if KSR.is_CANCEL() then
if KSR.tm.t_check_trans()>0 and KSR.tm.t_relay()<0 then
KSR.sl.sl_reply_error()
end
KSR.x.exit()
return 1
end
-- handle retransmissions
if not KSR.is_ACK() then
if KSR.tmx.t_precheck_trans()>0 then
KSR.tm.t_check_trans()
return 1
end
if KSR.tm.t_check_trans()==0 then return 1 end
end
-- handle requests within SIP dialogs
if KSR.siputils.has_totag()>0 then
-- sequential request within a dialog should take the path determined by
record-routing
if KSR.rr.loose_route()>0 then
-- URI update for dialog requests
if not KSR.isdsturiset() then
KSR.nathelper.handle_ruri_alias()
end
if KSR.is_BYE() then
KSR.setflag(FLT_ACC) -- do accounting ...
KSR.setflag(FLT_ACCFAILED) -- ... even if the transaction
fails
elseif KSR.is_ACK() then
-- ACK is forwarded statelessly
ksr_route_natmanage()
elseif KSR.is_NOTIFY() then
-- Add Record-Route for in-dialog NOTIFY as per RFC 6665.
KSR.rr.record_route()
end
ksr_route_relay()
KSR.x.exit()
end
if KSR.is_ACK() then
if KSR.tm.t_check_trans() >0 and KSR.tm.t_relay()<0 then
-- no loose-route, but stateful ACK
-- must be an ACK after a 487
-- or e.g. 404 from upstream server
KSR.sl.sl_reply_error()
end
KSR.x.exit()
end
KSR.sl.sl_send_reply(404, "Not here")
KSR.x.exit()
end
-- only initial requests (no To tag)
-- authentication
-- IP authorization and user authentication
local is_register = KSR.is_REGISTER()
if is_register or KSR.is_myself_furi() then
-- authenticate requests
local fhost = KSR.kx.gete_fhost()
local turi = KSR.kx.get_turi()
if string.lower(fhost) == "mail.aegee.org" then
fhost = "aegee.org"
turi = KSR.kx.gete_tuser() .. '(a)aegee.org'
end
if string.lower(string.sub(turi, 1, 4)) == 'sip:' then
turi = string.sub(turi, 5)
elseif string.lower(string.sub(turi, 1, 5)) == 'sips:' then
turi = string.sub(turi, 6)
end
if KSR.auth_db.auth_check(fhost, "subscriber", 1)<0 then
KSR.auth.auth_challenge(fhost, 0)
KSR.x.exit()
end
local pw_props = pw_prop(KSR.pv.gete('$avp(credentials)'))
if is_register then
KSR.htable.sht_seti("users", turi, pw_props)
KSR.tcpops.tcp_keepalive_enable(60, 5, 5)
if KSR.is_TLS() then
KSR.tcpops.tcp_enable_closed_event()
end
if ( band(pw_props, PW_FORCE_TLS_TO_SERVER) ~= 0 ) and not
KSR.is_TLS() and not KSR.is_WSX() then
KSR.sl.sl_send_reply(404, "Use TLS!")
KSR.x.exit()
end
elseif KSR.is_INVITE() then
end
-- user authenticated - remove auth header
if not KSR.is_method_in("RP") then
KSR.auth.consume_credentials()
end
else
-- validate IP address of caller (carrier)
KSR.err('FOREIGN FURI SRCURI ' .. KSR.kx.get_srcip() .. ':' ..
KSR.kx.get_srcport() .. '\n')
if KSR.permissions.allow_source_address_group() > -1 then
-- KSR.err('KNOWN SOURCE IP\n')
else
-- KSR.err('XXX UNKNOWN SOURCE IP\n')
end
end
if not KSR.is_method_in("RS") then
KSR.setflag(FLT_DIALOG)
KSR.setflag(FLT_SST)
end
-- if caller is not local subscriber, then check if it calls a local destination,
otherwise deny, not an open relay here
if not (KSR.is_myself_furi() or KSR.is_myself_ruri()) then
KSR.sl.sl_send_reply(403, "Not relaying")
KSR.x.exit()
end
-- record routing for dialog forming requests (in case they are routed)
-- - remove preloaded route headers
KSR.hdr.remove("Route")
if KSR.is_method_in("ISR") then
KSR.rr.record_route()
if KSR.is_method_in("IR") then
if KSR.is_INVITE() then
KSR.setflag(FLT_ACC) -- do accounting
end
end
end
-- dispatch requests to foreign domains
-- Routing to foreign domains
ksr_route_sipout()
-- requests for my local domains
-- handle registrations
if KSR.is_REGISTER() then
if KSR.isflagset(FLT_NATS) then
KSR.err('FLT_NATS IS set\n')
KSR.setbflag(FLB_NATB)
-- do SIP NAT pinging
-- KSR.setbflag(FLB_NATSIPPING)
else
KSR.err('FLT_NATS is NOT SET\n')
end
if string.lower(KSR.kx.get_fhost()) == "mail.aegee.org" then
if KSR.registrar.save_uri("location", 0, "sip:" ..
KSR.kx.get_fuser() .. "(a)aegee.org") <0 then
KSR.sl.sl_reply_error()
end
else
if KSR.registrar.save("location", 0) <0 then
KSR.sl.sl_reply_error()
end
end
KSR.x.exit()
end
if KSR.corex.has_ruri_user() < 0 then
-- request with no Username in RURI
KSR.sl.sl_send_reply(484, "Address Incomplete")
return 1
end
KSR.alias_db.lookup("dbaliases")
-- user location service
KSR.err('LOOKING FOR ' .. KSR.kx.get_ruser() .. '\n')
local callee_properties, caller_properties = 0, 0
if KSR.is_INVITE() then
if KSR.is_myself_ruri() then
local rhost = KSR.kx.gete_rhost()
if rhost == 'mail.aegee.org' then rhost = 'aegee.org' end
local callee = KSR.kx.gete_ruser() .. '@' .. rhost
local n = KSR.htable.sht_gete("users", KSR.kx.gete_ruser() ..
'@' .. rhost)
if n ~= "" then callee_properties = n end
end
if KSR.is_myself_furi() then
local fhost = KSR.kx.gete_fhost()
if fhost == 'mail.aegee.org' then fhost = 'aegee.org' end
local caller = KSR.kx.gete_fuser() .. '@' .. fhost
local n = KSR.htable.sht_gete("users", KSR.kx.gete_fuser() .. '@'
.. fhost)
if n ~= "" then caller_properties = n end
KSR.err('caller props = ' .. caller_properties .. '\n')
if band(caller_properties, PW_FORCE_TLS_TO_SERVER) ~= 0 and not KSR.is_TLS()
and not KSR.is_WSX() then
KSR.sl.sl_send_reply(404, "Use TLS!")
KSR.x.exit()
end
end
end
local rc
if KSR.kx.gete_rhost() == "mail.aegee.org" then
rc = KSR.registrar.lookup_uri("location", "sip:" ..
KSR.kx.get_ruser() .. "(a)aegee.org")
else
rc = KSR.registrar.lookup("location")
end
KSR.err('LOOKUP RESULT ' .. KSR.kx.get_ruri() .. '\n')
if rc<0 and KSR.is_myself_ruri() then
KSR.tm.t_newtran()
if rc==-1 or rc==-3 then
KSR.sl.send_reply(404, "Not Found")
KSR.x.exit()
elseif rc==-2 then
KSR.sl.send_reply(405, "Method Not Allowed")
KSR.x.exit()
end
end
-- when routing via usrloc, log the missed calls also
if KSR.is_INVITE() then
KSR.setflag(FLT_ACCMISSED)
end
ksr_route_relay()
KSR.x.exit()
end
-- wrapper around tm relay function
function ksr_route_relay()
-- enable additional event routes for forwarded requests
-- - serial forking, RTP relaying handling, a.s.o.
if KSR.is_method_in("IBSU") then
if KSR.tm.t_is_set("branch_route")<0 then
KSR.tm.t_on_branch("ksr_branch_manage")
end
if KSR.is_method_in("ISU") and
KSR.tm.t_is_set("onreply_route")<0 then
KSR.tm.t_on_reply("ksr_onreply_manage")
end
end
if KSR.is_INVITE() then
if KSR.tm.t_is_set("failure_route")<0 then
KSR.tm.t_on_failure("ksr_failure_manage")
end
end
if KSR.tm.t_relay()<0 then
KSR.sl.sl_reply_error()
end
KSR.x.exit()
end
-- RTPEngine control
function ksr_route_natmanage()
local isrequest = KSR.siputils.is_request() > 0
if isrequest and KSR.siputils.has_totag()>0 and
KSR.rr.check_route_param("nat=yes")>0 then
KSR.setbflag(FLB_NATB)
end
if not (KSR.isflagset(FLT_NATS) or KSR.isbflagset(FLB_NATB)) then
KSR.err('ksr_route_natmanage: NATS FLAGS NOT set\n')
return 1
end
KSR.err('ksr_route_natmanage: NATS FLAGS SET\n')
local no_srtp = KSR.kx.get_rhost() == 'sip.nemox.net' and " RTP"
or ""
-- pad-crypto
-- KSR.err("USER AGENT" .. KSR.pv.gete("$xavp(uladdrs)") ..
'\n')
local useragent = KSR.hdr.gete("User-Agent")
if string.find(useragent, "JsSIP") or string.find(useragent,
"SIP.js") then
no_srtp = no_srtp .. " rtcp-mux-accept"
end
if KSR.nathelper.nat_uac_test(8) > 0 then
KSR.rtpengine.rtpengine_manage("replace-session-connection replace-origin
SDES-pad SIP-source-address" .. no_srtp)
else
KSR.rtpengine.rtpengine_manage("replace-session-connection replace-origin
SDES-pad" .. no_srtp)
end
if isrequest and KSR.siputils.has_totag()<0 and
KSR.tmx.t_is_branch_route()>0 then
KSR.rr.add_rr_param(";nat=yes")
elseif not isrequest and KSR.siputils.is_reply()>0 and KSR.isbflagset(FLB_NATB)
then
KSR.nathelper.set_contact_alias()
end
return 1
end
-- Manage outgoing branches
-- equivalent of branch_route[...]{}
function ksr_branch_manage()
KSR.dbg("new branch [".. KSR.pv.get("$T_branch_idx") ..
"] to " .. KSR.kx.get_ruri() .. "\n")
ksr_route_natmanage()
return 1
end
-- Manage incoming replies
function ksr_onreply_manage()
local scode = KSR.kx.get_status()
if scode>100 and scode<299 then
ksr_route_natmanage()
end
return 1
end
-- Manage failure routing cases equivalent of failure_route[...]{}
function ksr_failure_manage()
ksr_route_natmanage()
-- if KSR.tm.t_is_canceled()>0 then return 1; end
return 1
end
-- SIP response handling
-- equivalent of reply_route{}
function ksr_reply_route()
if KSR.sanity.sanity_check(17604, 6)<0 then
KSR.err("malformed SIP response from " .. KSR.kx.get_srcip() ..
":" .. KSR.kx.get_srcport() .."\n")
KSR.x.drop()
end
return 1
end
-- Routing to foreign domains
function ksr_route_sipout()
local first=string.sub(KSR.kx.gete_ruser(), 1, 1)
if first == '+' or first == '0' then
local y = KSR.enum.enum_query()
KSR.err('ENUM RESULT ' .. tostring(y) .. ' :RURI ' ..
KSR.kx.get_ruri() .. '\n')
if y == -1 and (not KSR.is_myself_furi() or KSR.kx.get_fuser() ==
'online') then
KSR.sl.sl_send_reply(403, "Aliens not served here.")
KSR.x.exit()
end
end
if KSR.is_myself_ruri() then return 1; end
KSR.hdr.append("P-Hint: outbound\r\n");
ksr_route_relay();
KSR.x.exit();
end
function ksr_sipdump_event(evname)
local dst_port, dst_ip, src_port, src_ip =
KSR.pv.gete("$sipdump(dst_port)"), KSR.sipdump.get_dst_ip(),
KSR.pv.gete("$sipdump(src_port)"), KSR.sipdump.get_src_ip()
if (dst_ip == "144.76.142.78" and src_ip == "144.76.142.78") or
not ((dst_port == 5060 and dst_ip == "144.76.142.78") or (src_port == 5060 and
src_ip == "144.76.142.78")) then
KSR.err("sipdump " .. evname .. " src " .. src_ip ..
':' .. src_port .. " dst " .. dst_ip .. ':' .. dst_port ..
"\n" .. KSR.pv.gete("$sipdump(buf)") .. "\n")
end
return 1
end
-- event callback function implemented in Lua
function ksr_xhttp_event(evname)
KSR.set_reply_close()
KSR.set_reply_no_connect()
if KSR.kx.get_srcip() ~= '144.76.142.78' then -- if
KSR.pv.gete("$Rp") ~= 8080 then
KSR.xhttp.xhttp_reply("403", "Forbidden",
"text/plain", "Plan B2." .. KSR.kx.get_srcip())
KSR.x.exit()
end
if string.lower(KSR.hdr.gete("Upgrade")) == "websocket" and
string.find(string.lower(KSR.hdr.gete("Connection")), "upgrade") ~=
nil and string.upper(KSR.kx.get_method()) == "GET" then
local host = KSR.hdr.get("Host")
if host == nil then --or not KSR.is_myself("sip:" .. host) then
KSR.xhttp.xhttp_reply("403", "Forbidden",
"text/plain", "Plan B3.")
KSR.x.exit()
end
if KSR.websocket.handle_handshake() > 0 then
KSR.x.exit()
end
end
KSR.err("===== xhttp 1 module triggered event: " .. evname ..
"\n")
KSR.xhttp.xhttp_reply("200", "OK", "text/html",
"<html><body>OK - [" .. KSR.pv.gete("$si") ..
":" .. KSR.pv.gete("$sp") .. "]</body></html>")
return 1
end
function ksr_tcpops_event(evname)
KSR.info("===== tcpops module triggered event: " .. evname .. " Source
IP " .. KSR.pv.gete("$si") .. " Source port " ..
KSR.pv.gete("$sp") .. "\n")
return 1
end
</details>
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3350#issuecomment-2123232227
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3350/2123232227(a)github.com>