Hi Sammy,

its attached as files. I put it again directly into the mail....

2012/4/13 SamyGo govoiper@gmail.com:

Hi, These are not the sip-traces we are looking for. Please attach sipgrep / ngrep / tcpdump traces so someone can help you better.

interface: eth0 (172.20.100.0/255.255.255.0) filter: (ip or ip6) and ( port 5060 )

U 2012/04/12 11:08:12.011398 217.777.777.777:6623 -> 222.222.222.222:5060 INVITE sip:kalkbrenner@222.222.222.222 SIP/2.0. Via: SIP/2.0/UDP 172.20.100.103:24640;branch=z9hG4bK-d8754z-90aceb73b0299f2e-1---d8754z-;rport. Max-Forwards: 70. Contact: sip:4horsmann@172.20.100.103:24640. To: sip:kalkbrenner@222.222.222.222. From: sip:4horsmann@222.222.222.222;tag=15cd9a6b. Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ.. CSeq: 1 INVITE. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO. Content-Type: application/sdp. Supported: replaces. User-Agent: X-Lite 4 release 4.1 stamp 63214. Content-Length: 234. . v=0. o=- 12978695291979834 1 IN IP4 172.20.100.103. s=CounterPath X-Lite 4.1. c=IN IP4 172.20.100.103. t=0 0. m=audio 50726 RTP/AVP 107 0 8 101. a=rtpmap:107 BV32/16000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-15. a=sendrecv.

U 2012/04/12 11:08:12.012345 222.222.222.222:5060 -> 217.777.777.777:6623 SIP/2.0 407 Proxy Authentication Required. Via: SIP/2.0/UDP 172.20.100.103:24640;branch=z9hG4bK-d8754z-90aceb73b0299f2e-1---d8754z-;rport=6623;received=217.777.777.777. To: sip:kalkbrenner@222.222.222.222;tag=2177214caadfb19cce4f58e7bd0a834d.571c. From: sip:4horsmann@222.222.222.222;tag=15cd9a6b. Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ.. CSeq: 1 INVITE. Proxy-Authenticate: Digest realm="222.222.222.222", nonce="T4acpk+Gm3oLqpw91aQktvf9VNpwRwKh". Server: Kamailio. Content-Length: 0. Warning: 392 222.222.222.222:5060 "Noisy feedback tells: pid=15453 req_src_ip=217.777.777.777 req_src_port=6623 in_uri=sip:kalkbrenner@222.222.222.222 out_uri=sip:kalkbrenner@222.222.222.222 via_cnt==1". .

U 2012/04/12 11:08:12.046144 217.777.777.777:6623 -> 222.222.222.222:5060 ACK sip:kalkbrenner@222.222.222.222 SIP/2.0. Via: SIP/2.0/UDP 172.20.100.103:24640;branch=z9hG4bK-d8754z-90aceb73b0299f2e-1---d8754z-;rport. Max-Forwards: 70. To: sip:kalkbrenner@222.222.222.222;tag=2177214caadfb19cce4f58e7bd0a834d.571c. From: sip:4horsmann@222.222.222.222;tag=15cd9a6b. Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ.. CSeq: 1 ACK. Content-Length: 0. .

U 2012/04/12 11:08:12.056892 217.777.777.777:6623 -> 222.222.222.222:5060 INVITE sip:kalkbrenner@222.222.222.222 SIP/2.0. Via: SIP/2.0/UDP 172.20.100.103:24640;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;rport. Max-Forwards: 70. Contact: sip:4horsmann@172.20.100.103:24640. To: sip:kalkbrenner@222.222.222.222. From: sip:4horsmann@222.222.222.222;tag=15cd9a6b. Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ.. CSeq: 2 INVITE. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO. Content-Type: application/sdp. Proxy-Authorization: Digest username="4horsmann",realm="222.222.222.222",nonce="T4acpk+Gm3oLqpw91aQktvf9VNpwRwKh",uri="sip:kalkbrenner@222.222.222.222",response="7f23830669695d1c9bd86aadf5f714a7",algorithm=MD5. Supported: replaces. User-Agent: X-Lite 4 release 4.1 stamp 63214. Content-Length: 234. . v=0. o=- 12978695291979834 1 IN IP4 172.20.100.103. s=CounterPath X-Lite 4.1. c=IN IP4 172.20.100.103. t=0 0. m=audio 50726 RTP/AVP 107 0 8 101. a=rtpmap:107 BV32/16000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-15. a=sendrecv.

U 2012/04/12 11:08:12.058390 222.222.222.222:5060 -> 217.777.777.777:6623 SIP/2.0 100 trying -- your call is important to us. Via: SIP/2.0/UDP 172.20.100.103:24640;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;rport=6623;received=217.777.777.777. To: sip:kalkbrenner@222.222.222.222. From: sip:4horsmann@222.222.222.222;tag=15cd9a6b. Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ.. CSeq: 2 INVITE. Server: Kamailio. Content-Length: 0. Warning: 392 222.222.222.222:5060 "Noisy feedback tells: pid=15454 req_src_ip=217.777.777.777 req_src_port=6623 in_uri=sip:kalkbrenner@222.222.222.222 out_uri=sip:kalkbrenner@172.20.100.61 via_cnt==1". .

U 2012/04/12 11:08:12.059305 172.20.100.74:5060 -> 172.20.100.61:5060 INVITE sip:kalkbrenner@172.20.100.61 SIP/2.0. Record-Route: sip:172.20.100.74;r2=on;lr=on;ftag=15cd9a6b;nat=yes. Record-Route: sip:222.222.222.222;r2=on;lr=on;ftag=15cd9a6b;nat=yes. Via: SIP/2.0/UDP 172.20.100.74;branch=z9hG4bK446a.8fd36a96.0. Via: SIP/2.0/UDP 172.20.100.103:24640;received=217.777.777.777;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;rport=6623. Max-Forwards: 69. Contact: sip:4horsmann@217.777.777.777:6623. To: sip:kalkbrenner@222.222.222.222. From: sip:4horsmann@222.222.222.222;tag=15cd9a6b. Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ.. CSeq: 2 INVITE. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO. Content-Type: application/sdp. Supported: replaces. User-Agent: X-Lite 4 release 4.1 stamp 63214. Content-Length: 248. . v=0. o=- 12978695291979834 1 IN IP4 172.20.10.74. s=CounterPath X-Lite 4.1. c=IN IP4 172.20.10.74. t=0 0. m=audio 36772 RTP/AVP 107 0 8 101. a=rtpmap:107 BV32/16000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-15. a=sendrecv. a=nortpproxy:yes.

U 2012/04/12 11:08:12.062413 172.20.100.61:5060 -> 172.20.100.74:5060 SIP/2.0 100 Trying. Via: SIP/2.0/UDP 172.20.100.74;branch=z9hG4bK446a.8fd36a96.0. Via: SIP/2.0/UDP 172.20.100.103:24640;rport=6623;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;received=217.777.777.777. From: sip:4horsmann@222.222.222.222;tag=15cd9a6b. To: sip:kalkbrenner@222.222.222.222;tag=ds-71add98e-b2021197. Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ.. CSeq: 2 INVITE. Content-Length: 0. .

U 2012/04/12 11:08:12.113633 172.20.100.61:5060 -> 172.20.100.74:5060 SIP/2.0 200 Ok. Via: SIP/2.0/UDP 172.20.100.74;branch=z9hG4bK446a.8fd36a96.0. Via: SIP/2.0/UDP 172.20.100.103:24640;rport=6623;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;received=217.777.777.777. From: sip:4horsmann@222.222.222.222;tag=15cd9a6b. To: sip:kalkbrenner@222.222.222.222;tag=ds-71add98e-b2021197. Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ.. CSeq: 2 INVITE. Content-Length: 182. Content-Type: application/sdp. Record-Route: sip:172.20.100.74;r2=on;lr=on;ftag=15cd9a6b;nat=yes. Record-Route: sip:222.222.222.222;r2=on;lr=on;ftag=15cd9a6b;nat=yes. Supported: replaces. Supported: 100rel. Allow: INVITE. Allow: ACK. Allow: BYE. Allow: CANCEL. Allow: OPTIONS. Allow: NOTIFY. Allow: REFER. Allow: PRACK. Allow: INFO. Allow: UPDATE. Allow: MESSAGE. Contact: sip:172.20.100.61. . v=0. o=aculab-01E47801 978780110 978780110 IN IP4 172.20.100.61. s=-. c=IN IP4 172.20.100.71. t=0 0. m=audio 19488 RTP/AVP 0 101. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-15.

U 2012/04/12 11:08:12.114296 222.222.222.222:5060 -> 217.777.777.777:6623 SIP/2.0 200 Ok. Via: SIP/2.0/UDP 172.20.100.103:24640;rport=6623;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;received=217.777.777.777. From: sip:4horsmann@222.222.222.222;tag=15cd9a6b. To: sip:kalkbrenner@222.222.222.222;tag=ds-71add98e-b2021197. Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ.. CSeq: 2 INVITE. Content-Length: 200. Content-Type: application/sdp. Record-Route: sip:172.20.100.74;r2=on;lr=on;ftag=15cd9a6b;nat=yes. Record-Route: sip:222.222.222.222;r2=on;lr=on;ftag=15cd9a6b;nat=yes. Supported: replaces. Supported: 100rel. Allow: INVITE. Allow: ACK. Allow: BYE. Allow: CANCEL. Allow: OPTIONS. Allow: NOTIFY. Allow: REFER. Allow: PRACK. Allow: INFO. Allow: UPDATE. Allow: MESSAGE. Contact: sip:172.20.100.61. . v=0. o=aculab-01E47801 978780110 978780110 IN IP4 222.222.222.222. s=-. c=IN IP4 222.222.222.222. t=0 0. m=audio 51956 RTP/AVP 0 101. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-15. a=nortpproxy:yes.

U 2012/04/12 11:08:12.221470 217.777.777.777:6623 -> 222.222.222.222:5060 ACK sip:172.20.100.61 SIP/2.0. Via: SIP/2.0/UDP 172.20.100.103:24640;branch=z9hG4bK-d8754z-a33e18d83b528f25-1---d8754z-;rport. Max-Forwards: 70. Route: sip:222.222.222.222;lr;r2=on;ftag=15cd9a6b;nat=yes. Route: sip:172.20.100.74;r2=on;lr=on;ftag=15cd9a6b;nat=yes. Contact: sip:4horsmann@172.20.100.103:24640. To: sip:kalkbrenner@222.222.222.222;tag=ds-71add98e-b2021197. ########################################## #!KAMAILIO # # #!substdef "/4COM_EXT_IP/222.222.222.222/" #!substdef "/4COM_INT_IP/172.20.100.74/" #!substdef "/4COM_DB_IP/dbdev/" # # # # Kamailio (OpenSER) SIP Server v3.2 - default configuration script # - web: http://www.kamailio.org # - git: http://sip-router.org # # Direct your questions about this file to: sr-users@lists.sip-router.org # # Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php # for an explanation of possible statements, functions and parameters. # # Several features can be enabled using '#!define WITH_FEATURE' directives: # # *** To run in debug mode: # - define WITH_DEBUG # # *** To enable mysql: #!define WITH_MYSQL # # *** To enable authentication execute: # - enable mysql #!define WITH_AUTH # - add users using 'kamctl' # # *** To enable IP authentication execute: # - enable mysql # - enable authentication # - define WITH_IPAUTH # - add IP addresses with group id '1' to 'address' table # # *** To enable persistent user location execute: # - enable mysql #!define WITH_USRLOCDB # # *** To enable presence server execute: # - enable mysql # - define WITH_PRESENCE # # *** To enable nat traversal execute: #!define WITH_NAT # - install RTPProxy: http://www.rtpproxy.org # - start RTPProxy: # rtpproxy -l _your_public_ip_ -s udp:localhost:7722 # # *** To enable PSTN gateway routing execute: # - define WITH_PSTN # - set the value of pstn.gw_ip # - check route[PSTN] for regexp routing condition # # *** To enable database aliases lookup execute: # - enable mysql # - define WITH_ALIASDB # # *** To enable speed dial lookup execute: # - enable mysql # - define WITH_SPEEDDIAL # # *** To enable multi-domain support execute: # - enable mysql # - define WITH_MULTIDOMAIN # # *** To enable TLS support execute: # - adjust CFGDIR/tls.cfg as needed # - define WITH_TLS # # *** To enable XMLRPC support execute: # - define WITH_XMLRPC # - adjust route[XMLRPC] for access policy # # *** To enable anti-flood detection execute: # - adjust pike and htable=>ipban settings as needed (default is # block if more than 16 requests in 2 seconds and ban for 300 seconds) #!define WITH_ANTIFLOOD # # *** To block 3XX redirect replies execute: #!define WITH_BLOCK3XX # # *** To enable VoiceMail routing execute: # - define WITH_VOICEMAIL # - set the value of voicemail.srv_ip # - adjust the value of voicemail.srv_port # # *** To enhance accounting execute: # - enable mysql # - define WITH_ACCDB # - add following columns to database #!ifdef ACCDB_COMMENT ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT ''; ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT ''; ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default ''; ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT ''; ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT ''; ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT ''; ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT ''; ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT ''; ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default ''; ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT ''; ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT ''; ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT ''; #!endif

# *** To enable perl execute: #!define WITH_PERL

#!define WITH_UAC

# define WITH_DISPATCHER

# define WITH_SIPTRACE

server_header="Server: Kamailio" # sip_waring for production use set it to "0" sip_warning=1 ####### Defined Values #########

# *** Value defines - IDs used later in config #!ifdef WITH_MYSQL # - database URL - used to connect to database server by modules such # as: auth_db, acc, usrloc, a.s.o. #!define DBURL "mysql://user:xxxxxx@4COM_DB_IP/kamailio" #!endif #!ifdef WITH_MULTIDOMAIN # - the value for 'use_domain' parameters #!define MULTIDOMAIN 1 #!else #!define MULTIDOMAIN 0 #!endif

# - flags # FLT_ - per transaction (message) flags # FLB_ - per branch flags #!define FLT_ACC 1 #!define FLT_ACCMISSED 2 #!define FLT_ACCFAILED 3 #!define FLT_NATS 5

#!define FLB_NATB 6 #!define FLB_NATSIPPING 7

####### Global Parameters ######### # #!ifdef WITH_DEBUG debug=4 log_stderror=no #!else debug=2 log_stderror=no #!endif

memdbg=5 memlog=5

log_facility=LOG_LOCAL0

fork=yes children=4

/* uncomment the next line to disable TCP (default on) */ #disable_tcp=yes

/* uncomment the next line to disable the auto discovery of local aliases based on reverse DNS on IPs (default on) */ auto_aliases=no

/* add local domain aliases */ #alias="sip.mydomain.com"

/* uncomment and configure the following line if you want Kamailio to bind on a specific interface/port/proto (default bind on all available) */ #listen=udp:10.0.0.10:5060

listen="4COM_INT_IP" # first interface - must be internal for rtpproxy "i" listen="4COM_EXT_IP" # second interface - must be external for rtpproxy "e"

/* port to listen to * - can be specified more than once if needed to listen on many ports */ port=5060

#!ifdef WITH_TLS enable_tls=yes #!endif

# life time of TCP connection when there is no traffic # - a bit higher than registration expires to cope with UA behind NAT tcp_connection_lifetime=3605

# 4horsmann 2012-04-02 mhomed=1

####### Modules Section ########

# set paths to location of modules (to sources or installation folders) #!ifdef WITH_SRCPATH mpath="modules_k:modules" #!else mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/" #!endif

#!ifdef WITH_MYSQL loadmodule "db_mysql.so" #!endif

loadmodule "mi_fifo.so" loadmodule "kex.so" loadmodule "tm.so" loadmodule "tmx.so" loadmodule "sl.so" loadmodule "rr.so" loadmodule "pv.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "siputils.so" loadmodule "xlog.so" loadmodule "sanity.so" loadmodule "ctl.so" loadmodule "cfg_rpc.so" loadmodule "mi_rpc.so" loadmodule "acc.so" loadmodule "dialog.so"

#!ifdef WITH_SIPTRACE loadmodule "siptrace.so" #!endif

#!ifdef WITH_PERL loadmodule "perl.so" #!endif

#!ifdef WITH_AUTH loadmodule "auth.so" loadmodule "auth_db.so" #!ifdef WITH_IPAUTH loadmodule "permissions.so" #!endif #!endif

#!ifdef WITH_ALIASDB loadmodule "alias_db.so" #!endif

#!ifdef WITH_SPEEDDIAL loadmodule "speeddial.so" #!endif

#!ifdef WITH_MULTIDOMAIN loadmodule "domain.so" #!endif

#!ifdef WITH_PRESENCE loadmodule "presence.so" loadmodule "presence_xml.so" #!endif

#!ifdef WITH_NAT loadmodule "nathelper.so" loadmodule "rtpproxy.so" #!endif

#!ifdef WITH_TLS loadmodule "tls.so" #!endif

#!ifdef WITH_ANTIFLOOD loadmodule "htable.so" loadmodule "pike.so" #!endif

#!ifdef WITH_XMLRPC loadmodule "xmlrpc.so" #!endif

#!ifdef WITH_DEBUG loadmodule "debugger.so" #!endif

#!ifdef WITH_UAC loadmodule "uac.so" #!endif

#!ifdef WITH_DISPATCHER loadmodule "dispatcher.so" #!endif

# ----------------- setting module-specific parameters ---------------

#!ifdef WITH_SIPTRACE modparam("siptrace", "db_url", DBURL) modparam("siptrace", "trace_flag", 0) #!endif

#!ifdef WITH_DISPATCHER modparam("dispatcher", "db_url", DBURL) modparam("dispatcher", "flags", 2) modparam("dispatcher", "dst_avp", "$avp(dsdst)") modparam("dispatcher", "grp_avp", "$avp(dsgrp)") modparam("dispatcher", "cnt_avp", "$avp(dscnt)") #modparam("dispatcher", "dstid_avp", "$avp(dsdstid)") modparam("dispatcher", "ds_ping_interval", 30) modparam("dispatcher", "ds_probing_mode", 1) #!endif

#!ifdef WITH_UAC modparam("uac", "reg_db_url", DBURL) modparam("uac", "reg_contact_addr", "4COM_EXT_IP:5060") #!endif

#!ifdef WITH_PERL modparam("perl", "filename", "/usr/local/etc/kamailio/perlcdr.pl") modparam("perl", "modpath", "/usr/local/lib/kamailio/perl/") #!endif

modparam("htable", "htable", "a=>size=14;autoexpire=86400;")

modparam("dialog", "dlg_flag", 6) modparam("dialog", "enable_stats", 1) modparam("dialog", "dlg_match_mode", 1)

# ----- mi_fifo params ----- modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")

# ----- tm params ----- # auto-discard branches from previous serial forking leg modparam("tm", "failure_reply_mode", 3) # default retransmission timeout: 30sec modparam("tm", "fr_timer", 30000) # default invite retransmission timeout after 1xx: 120sec modparam("tm", "fr_inv_timer", 120000) # 2012-04-03 4horsmann: we are multihomed, so deaktivate reparse on dns failover modparam("tm", "reparse_on_dns_failover", 0)

# ----- rr params ----- # add value to ;lr param to cope with most of the UAs modparam("rr", "enable_full_lr", 1) # do not append from tag to the RR (no need for this script) # 4horsmann - need append_fromtag for module uac modparam("rr", "append_fromtag", 1)

# ----- registrar params ----- modparam("registrar", "method_filtering", 1) /* uncomment the next line to disable parallel forking via location */ # modparam("registrar", "append_branches", 0) /* uncomment the next line not to allow more than 10 contacts per AOR */ #modparam("registrar", "max_contacts", 10) # max value for expires of registrations modparam("registrar", "max_expires", 3600)

# ----- acc params ----- /* what special events should be accounted ? */ modparam("acc", "early_media", 0) modparam("acc", "report_ack", 0) modparam("acc", "report_cancels", 0) /* by default ww do not adjust the direct of the sequential requests. if you enable this parameter, be sure the enable "append_fromtag" in "rr" module */ modparam("acc", "detect_direction", 0) /* account triggers (flags) */ modparam("acc", "log_flag", FLT_ACC) modparam("acc", "log_missed_flag", FLT_ACCMISSED) modparam("acc", "log_extra", "src_user=$fU;src_domain=$fd;src_ip=$si;" "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") modparam("acc", "failed_transaction_flag", FLT_ACCFAILED) /* enhanced DB accounting */ #!ifdef WITH_ACCDB modparam("acc", "db_flag", FLT_ACC) modparam("acc", "db_missed_flag", FLT_ACCMISSED) modparam("acc", "db_url", DBURL) modparam("acc", "db_extra", "src_user=$fU;src_domain=$fd;src_ip=$si;" "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") #!endif

# ----- usrloc params ----- /* enable DB persistency for location entries */ #!ifdef WITH_USRLOCDB modparam("usrloc", "db_url", DBURL) modparam("usrloc", "db_mode", 2) modparam("usrloc", "use_domain", MULTIDOMAIN) #!endif

# ----- auth_db params ----- #!ifdef WITH_AUTH modparam("auth_db", "db_url", DBURL) modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("auth_db", "load_credentials", "") modparam("auth_db", "use_domain", MULTIDOMAIN)

# ----- permissions params ----- #!ifdef WITH_IPAUTH modparam("permissions", "db_url", DBURL) modparam("permissions", "db_mode", 1) #!endif

#!endif

# ----- alias_db params ----- #!ifdef WITH_ALIASDB modparam("alias_db", "db_url", DBURL) modparam("alias_db", "use_domain", MULTIDOMAIN) #!endif

# ----- speedial params ----- #!ifdef WITH_SPEEDDIAL modparam("speeddial", "db_url", DBURL) modparam("speeddial", "use_domain", MULTIDOMAIN) #!endif

# ----- domain params ----- #!ifdef WITH_MULTIDOMAIN modparam("domain", "db_url", DBURL) # use caching modparam("domain", "db_mode", 1) # register callback to match myself condition with domains list modparam("domain", "register_myself", 1) #!endif

#!ifdef WITH_PRESENCE # ----- presence params ----- modparam("presence", "db_url", DBURL)

# ----- presence_xml params ----- modparam("presence_xml", "db_url", DBURL) modparam("presence_xml", "force_active", 1) #!endif

#!ifdef WITH_NAT # ----- rtpproxy params ----- # modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722") modparam("rtpproxy", "rtpproxy_sock", "unix:/home/sys/bin/rtpproxy.sock") # ----- nathelper params ----- modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "sipping_bflag", FLB_NATSIPPING) modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org")

# params needed for NAT traversal in other modules modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)") modparam("usrloc", "nat_bflag", FLB_NATB) #!endif

#!ifdef WITH_TLS # ----- tls params ----- modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg") #!endif

#!ifdef WITH_ANTIFLOOD # ----- pike params ----- modparam("pike", "sampling_time_unit", 2) modparam("pike", "reqs_density_per_unit", 16) modparam("pike", "remove_latency", 4)

# ----- htable params ----- # ip ban htable with autoexpire after 5 minutes modparam("htable", "htable", "ipban=>size=8;autoexpire=300;") #!endif

#!ifdef WITH_XMLRPC # ----- xmlrpc params ----- modparam("xmlrpc", "route", "XMLRPC"); modparam("xmlrpc", "url_match", "^/RPC") #!endif

#!ifdef WITH_DEBUG # ----- debugger params ----- modparam("debugger", "cfgtrace", 1) #!endif

####### Routing Logic ########

# Main SIP request routing logic # - processing of any incoming SIP request starts with this route # - note: this is the same as route { ... } request_route {

force_rport(); # 2012-04-02 4horsmann

if(has_body("application/sdp") && (is_method("ACK") ) ) xlog("ACK with SDP \n");

# per request initial checks route(REQINIT);

# NAT detection route(NATDETECT);

if (method == "BYE" || method == "CANCEL") unforce_rtp_proxy();

# handle requests within SIP dialogs route(WITHINDLG);

### only initial requests (no To tag)

# CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) t_relay(); exit; }

t_check_trans();

# authentication route(AUTH);

# record routing for dialog forming requests (in case they are routed) # - remove preloaded route headers remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) record_route();

# account only INVITEs if (is_method("INVITE")) { setflag(FLT_ACC); # do accounting }

# dispatch requests to foreign domains route(SIPOUT);

### requests for my local domains

# handle presence related requests route(PRESENCE);

# handle registrations route(REGISTRAR);

if ($rU==$null) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; }

# dispatch destinations to PSTN route(PSTN);

# user location service route(LOCATION);

route(RELAY);

#!ifdef WITH_DISPATCHER ds_select_dst("2", "0"); xlog("DISPATCHER ds_select_dst\n"); forward(); #!endif }

route[RELAY] { xlog("route RELAY M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); # enable additional event routes for forwarded requests # - serial forking, RTP relaying handling, a.s.o. if (is_method("INVITE|SUBSCRIBE")) { t_on_branch("MANAGE_BRANCH"); t_on_reply("MANAGE_REPLY"); } if (is_method("INVITE")) { t_on_failure("MANAGE_FAILURE"); }

if (!t_relay()) { sl_reply_error(); } exit; }

#### # Per SIP request initial checks route[REQINIT] { #!ifdef WITH_ANTIFLOOD # flood dection from same IP and traffic ban for a while # be sure you exclude checking trusted peers, such as pstn gateways # - local host excluded (e.g., loop to self) if(src_ip!=myself) { if($sht(ipban=>$si)!=$null) { # ip is already blocked xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n"); exit; } if (!pike_check_req()) { xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n"); $sht(ipban=>$si) = 1; exit; } } #!endif

if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }

if(!sanity_check("1511", "7")) { xlog("Malformed SIP message from $si:$sp\n"); exit; } }

# Handle requests within SIP dialogs route[WITHINDLG] { if (has_totag()) { # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) {

if (is_method("BYE")) { setflag(FLT_ACC); # do accounting ... setflag(FLT_ACCFAILED); # ... even if the transaction fails } if (is_method("ACK") ) {

# ACK is forwarded statelessy if(has_body("application/sdp")) { xlog("ACK with SDP routed NATMANAGE\n"); } else { xlog("ACK routed to NATMANAGE\n"); }

route(NATMANAGE); } route(RELAY); } else { if (is_method("SUBSCRIBE") && uri == myself) { # in-dialog subscribe requests route(PRESENCE); exit; } if (is_method("ACK") ) { if ( t_check_trans() ) { # no loose-route, but stateful ACK; # must be an ACK after a 487 # or e.g. 404 from upstream server xlog("ACK stateful\n"); t_relay(); exit; } else { # ACK without matching transaction ... ignore and discard xlog("ACK without matching transaction - ignore and discard M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); exit; } } sl_send_reply("404","Not here"); } exit; } }

# Handle SIP registrations route[REGISTRAR] { if (is_method("REGISTER")) { if(isflagset(FLT_NATS)) { setbflag(FLB_NATB); # uncomment next line to do SIP NAT pinging ## setbflag(FLB_NATSIPPING); } if (!save("location")) sl_reply_error();

exit; } }

# USER location service route[LOCATION] {

#!ifdef WITH_SPEEDIAL # search for short dialing - 2-digit extension if($rU=~"^[0-9][0-9]$") if(sd_lookup("speed_dial")) route(SIPOUT); #!endif

#!ifdef WITH_ALIASDB # search in DB-based aliases if(alias_db_lookup("dbaliases")) route(SIPOUT); #!endif

$avp(oexten) = $rU; if (!lookup("location")) { $var(rc) = $rc; route(TOVOICEMAIL); t_newtran(); switch ($var(rc)) { case -1: case -3: send_reply("404", "Not Found"); exit; case -2: send_reply("405", "Method Not Allowed"); exit; } }

# when routing via usrloc, log the missed calls also if (is_method("INVITE")) { setflag(FLT_ACCMISSED); } }

# Presence server route route[PRESENCE] { if(!is_method("PUBLISH|SUBSCRIBE")) return;

#!ifdef WITH_PRESENCE if (!t_newtran()) { sl_reply_error(); exit; };

if(is_method("PUBLISH")) { handle_publish(); t_release(); } else if( is_method("SUBSCRIBE")) { handle_subscribe(); t_release(); } exit; #!endif # if presence enabled, this part will not be executed if (is_method("PUBLISH") || $rU==$null) { sl_send_reply("404", "Not here"); exit; } return; }

# Authentication route route[AUTH] { #!ifdef WITH_AUTH if (is_method("REGISTER")) { # authenticate the REGISTER requests (uncomment to enable auth) if (!www_authorize("$td", "subscriber")) { www_challenge("$td", "0"); exit; }

if ($au!=$tU) { sl_send_reply("403","Forbidden auth ID"); exit; } } else {

#!ifdef WITH_IPAUTH if(allow_source_address()) { # source IP allowed return; } #!endif

# authenticate if from local subscriber if (from_uri==myself) { if (!proxy_authorize("$fd", "subscriber")) { proxy_challenge("$fd", "0"); exit; } if (is_method("PUBLISH")) { if ($au!=$fU || $au!=$tU) { sl_send_reply("403","Forbidden auth ID"); exit; } if ($au!=$rU) { sl_send_reply("403","Forbidden R-URI"); exit; } #!ifdef WITH_MULTIDOMAIN if ($fd!=$rd) { sl_send_reply("403","Forbidden R-URI domain"); exit; } #!endif } else { if ($au!=$fU) { sl_send_reply("403","Forbidden auth ID"); exit; } }

consume_credentials(); # caller authenticated } else { # caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (!uri==myself) { sl_send_reply("403","Not relaying"); exit; } } } #!endif return; }

# Caller NAT detection route route[NATDETECT] { #!ifdef WITH_NAT xlog("NATDETECT! M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); force_rport(); if (nat_uac_test("19")) { if (is_method("REGISTER")) { xlog ("NATDETECT-2 fix nated register M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); fix_nated_register(); } else { xlog ("NATDETECT-3 fix nated contact M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); fix_nated_contact(); } setflag(FLT_NATS); } #!endif return; }

# RTPProxy control route[NATMANAGE] { #!ifdef WITH_NAT xlog("NATMANAGE M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); if (is_request()) { if(has_totag()) { if(check_route_param("nat=yes")) { setbflag(FLB_NATB); } } }

if (isbflagset(FLB_NATB)) return;

if (dst_ip == 222.222.222.222) { xlog("rtpproxy_manage extern zu intern\n"); rtpproxy_manage("OCFEI","172.20.10.74");

} else { xlog("rtpproxy_manage intern zu extern\n"); rtpproxy_manage("OCFIE","222.222.222.222"); }

if (is_request()) { if (!has_totag()) { add_rr_param(";nat=yes"); } } if (is_reply()) { if(isbflagset(FLB_NATB)) { fix_nated_contact(); } } #!endif return; }

# RTPProxy control route[NATMANAGEFOOBAR] { #!ifdef WITH_NAT xlog("NATMANAGE M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n"); if (is_request()) { if(has_totag()) { if(check_route_param("nat=yes")) { setbflag(FLB_NATB); } } }

if (isbflagset(FLB_NATB)) return;

xlog("rtpproxy_manage \n"); rtpproxy_manage();

if (is_request()) { if (!has_totag()) { add_rr_param(";nat=yes"); } } if (is_reply()) { if(isbflagset(FLB_NATB)) { fix_nated_contact(); } } #!endif return; }

# Routing to foreign domains # Routing to foreign domains route[SIPOUT] { if (!uri==myself) { append_hf("P-hint: outbound\r\n"); route(RELAY); } }

# PSTN GW routing route[PSTN] { #!ifdef WITH_PSTN # check if PSTN GW IP is defined if (strempty($sel(cfg_get.pstn.gw_ip))) { xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not defined\n"); return; }

# route to PSTN dialed numbers starting with '+' or '00' # (international format) # - update the condition to match your dialing rules for PSTN routing if(!($rU=~"^(+|00)[1-9][0-9]{3,20}$")) return;

# only local users allowed to call if(from_uri!=myself) { sl_send_reply("403", "Not Allowed"); exit; }

$ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);

route(RELAY); exit; #!endif

return; }

# XMLRPC routing #!ifdef WITH_XMLRPC route[XMLRPC] { # allow XMLRPC from localhost if ((method=="POST" || method=="GET") && (src_ip==127.0.0.1)) { # close connection only for xmlrpclib user agents (there is a bug in # xmlrpclib: it waits for EOF before interpreting the response). if ($hdr(User-Agent) =~ "xmlrpclib") set_reply_close(); set_reply_no_connect(); dispatch_rpc(); exit; } send_reply("403", "Forbidden"); exit; } #!endif

# route to voicemail server route[TOVOICEMAIL] { #!ifdef WITH_VOICEMAIL if(!is_method("INVITE")) return;

# check if VoiceMail server IP is defined if (strempty($sel(cfg_get.voicemail.srv_ip))) { xlog("SCRIPT: VoiceMail rotuing enabled but IP not defined\n"); return; } if($avp(oexten)==$null) return;

$ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip) + $sel(cfg_get.voicemail.srv_port); route(RELAY); exit; #!endif

return; }

# manage outgoing branches branch_route[MANAGE_BRANCH] { xdbg("new branch [$T_branch_idx] to $ru\n"); route(NATMANAGE); }

# manage incoming replies onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); if(status=~"[12][0-9][0-9]") route(NATMANAGE); }

# manage failure routing cases failure_route[MANAGE_FAILURE] { route(NATMANAGE);

if (t_is_canceled()) { exit; }

#!ifdef WITH_BLOCK3XX # block call redirect based on 3xx replies. if (t_check_status("3[0-9][0-9]")) { t_reply("404","Not found"); exit; } #!endif

#!ifdef WITH_VOICEMAIL # serial forking # - route to voicemail on busy or no answer (timeout) if (t_check_status("486|408")) { route(TOVOICEMAIL); exit; } #!endif

}