[SR-Users] 200 OK with SDP gets private ip in contact field

Karsten Horsmann khorsmann at gmail.com
Fri Apr 13 09:47:00 CEST 2012


Hi Sammy,

It's attached as files. I put it again directly into the mail....



2012/4/13 SamyGo <govoiper at gmail.com>:
> Hi,
> These are not the sip-traces we are looking for. Please attach sipgrep /
> ngrep / tcpdump traces so someone can help you better.





interface: eth0 (172.20.100.0/255.255.255.0)
filter: (ip or ip6) and ( port 5060 )


U 2012/04/12 11:08:12.011398 217.777.777.777:6623 -> 222.222.222.222:5060
INVITE sip:kalkbrenner at 222.222.222.222 SIP/2.0.
Via: SIP/2.0/UDP
172.20.100.103:24640;branch=z9hG4bK-d8754z-90aceb73b0299f2e-1---d8754z-;rport.
Max-Forwards: 70.
Contact: <sip:4horsmann at 172.20.100.103:24640>.
To: <sip:kalkbrenner at 222.222.222.222>.
From: <sip:4horsmann at 222.222.222.222>;tag=15cd9a6b.
Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ..
CSeq: 1 INVITE.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO.
Content-Type: application/sdp.
Supported: replaces.
User-Agent: X-Lite 4 release 4.1 stamp 63214.
Content-Length: 234.
.
v=0.
o=- 12978695291979834 1 IN IP4 172.20.100.103.
s=CounterPath X-Lite 4.1.
c=IN IP4 172.20.100.103.
t=0 0.
m=audio 50726 RTP/AVP 107 0 8 101.
a=rtpmap:107 BV32/16000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-15.
a=sendrecv.


U 2012/04/12 11:08:12.012345 222.222.222.222:5060 -> 217.777.777.777:6623
SIP/2.0 407 Proxy Authentication Required.
Via: SIP/2.0/UDP
172.20.100.103:24640;branch=z9hG4bK-d8754z-90aceb73b0299f2e-1---d8754z-;rport=6623;received=217.777.777.777.
To: <sip:kalkbrenner at 222.222.222.222>;tag=2177214caadfb19cce4f58e7bd0a834d.571c.
From: <sip:4horsmann at 222.222.222.222>;tag=15cd9a6b.
Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ..
CSeq: 1 INVITE.
Proxy-Authenticate: Digest realm="222.222.222.222",
nonce="T4acpk+Gm3oLqpw91aQktvf9VNpwRwKh".
Server: Kamailio.
Content-Length: 0.
Warning: 392 222.222.222.222:5060 "Noisy feedback tells:  pid=15453
req_src_ip=217.777.777.777 req_src_port=6623
in_uri=sip:kalkbrenner at 222.222.222.222
out_uri=sip:kalkbrenner at 222.222.222.222 via_cnt==1".
.


U 2012/04/12 11:08:12.046144 217.777.777.777:6623 -> 222.222.222.222:5060
ACK sip:kalkbrenner at 222.222.222.222 SIP/2.0.
Via: SIP/2.0/UDP
172.20.100.103:24640;branch=z9hG4bK-d8754z-90aceb73b0299f2e-1---d8754z-;rport.
Max-Forwards: 70.
To: <sip:kalkbrenner at 222.222.222.222>;tag=2177214caadfb19cce4f58e7bd0a834d.571c.
From: <sip:4horsmann at 222.222.222.222>;tag=15cd9a6b.
Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ..
CSeq: 1 ACK.
Content-Length: 0.
.


U 2012/04/12 11:08:12.056892 217.777.777.777:6623 -> 222.222.222.222:5060
INVITE sip:kalkbrenner at 222.222.222.222 SIP/2.0.
Via: SIP/2.0/UDP
172.20.100.103:24640;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;rport.
Max-Forwards: 70.
Contact: <sip:4horsmann at 172.20.100.103:24640>.
To: <sip:kalkbrenner at 222.222.222.222>.
From: <sip:4horsmann at 222.222.222.222>;tag=15cd9a6b.
Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ..
CSeq: 2 INVITE.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO.
Content-Type: application/sdp.
Proxy-Authorization: Digest
username="4horsmann",realm="222.222.222.222",nonce="T4acpk+Gm3oLqpw91aQktvf9VNpwRwKh",uri="sip:kalkbrenner at 222.222.222.222",response="7f23830669695d1c9bd86aadf5f714a7",algorithm=MD5.
Supported: replaces.
User-Agent: X-Lite 4 release 4.1 stamp 63214.
Content-Length: 234.
.
v=0.
o=- 12978695291979834 1 IN IP4 172.20.100.103.
s=CounterPath X-Lite 4.1.
c=IN IP4 172.20.100.103.
t=0 0.
m=audio 50726 RTP/AVP 107 0 8 101.
a=rtpmap:107 BV32/16000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-15.
a=sendrecv.


U 2012/04/12 11:08:12.058390 222.222.222.222:5060 -> 217.777.777.777:6623
SIP/2.0 100 trying -- your call is important to us.
Via: SIP/2.0/UDP
172.20.100.103:24640;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;rport=6623;received=217.777.777.777.
To: <sip:kalkbrenner at 222.222.222.222>.
From: <sip:4horsmann at 222.222.222.222>;tag=15cd9a6b.
Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ..
CSeq: 2 INVITE.
Server: Kamailio.
Content-Length: 0.
Warning: 392 222.222.222.222:5060 "Noisy feedback tells:  pid=15454
req_src_ip=217.777.777.777 req_src_port=6623
in_uri=sip:kalkbrenner at 222.222.222.222
out_uri=sip:kalkbrenner at 172.20.100.61 via_cnt==1".
.


U 2012/04/12 11:08:12.059305 172.20.100.74:5060 -> 172.20.100.61:5060
INVITE sip:kalkbrenner at 172.20.100.61 SIP/2.0.
Record-Route: <sip:172.20.100.74;r2=on;lr=on;ftag=15cd9a6b;nat=yes>.
Record-Route: <sip:222.222.222.222;r2=on;lr=on;ftag=15cd9a6b;nat=yes>.
Via: SIP/2.0/UDP 172.20.100.74;branch=z9hG4bK446a.8fd36a96.0.
Via: SIP/2.0/UDP
172.20.100.103:24640;received=217.777.777.777;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;rport=6623.
Max-Forwards: 69.
Contact: <sip:4horsmann at 217.777.777.777:6623>.
To: <sip:kalkbrenner at 222.222.222.222>.
From: <sip:4horsmann at 222.222.222.222>;tag=15cd9a6b.
Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ..
CSeq: 2 INVITE.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO.
Content-Type: application/sdp.
Supported: replaces.
User-Agent: X-Lite 4 release 4.1 stamp 63214.
Content-Length: 248.
.
v=0.
o=- 12978695291979834 1 IN IP4 172.20.10.74.
s=CounterPath X-Lite 4.1.
c=IN IP4 172.20.10.74.
t=0 0.
m=audio 36772 RTP/AVP 107 0 8 101.
a=rtpmap:107 BV32/16000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-15.
a=sendrecv.
a=nortpproxy:yes.


U 2012/04/12 11:08:12.062413 172.20.100.61:5060 -> 172.20.100.74:5060
SIP/2.0 100 Trying.
Via: SIP/2.0/UDP 172.20.100.74;branch=z9hG4bK446a.8fd36a96.0.
Via: SIP/2.0/UDP
172.20.100.103:24640;rport=6623;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;received=217.777.777.777.
From: <sip:4horsmann at 222.222.222.222>;tag=15cd9a6b.
To: <sip:kalkbrenner at 222.222.222.222>;tag=ds-71add98e-b2021197.
Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ..
CSeq: 2 INVITE.
Content-Length: 0.
.


U 2012/04/12 11:08:12.113633 172.20.100.61:5060 -> 172.20.100.74:5060
SIP/2.0 200 Ok.
Via: SIP/2.0/UDP 172.20.100.74;branch=z9hG4bK446a.8fd36a96.0.
Via: SIP/2.0/UDP
172.20.100.103:24640;rport=6623;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;received=217.777.777.777.
From: <sip:4horsmann at 222.222.222.222>;tag=15cd9a6b.
To: <sip:kalkbrenner at 222.222.222.222>;tag=ds-71add98e-b2021197.
Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ..
CSeq: 2 INVITE.
Content-Length: 182.
Content-Type: application/sdp.
Record-Route: <sip:172.20.100.74;r2=on;lr=on;ftag=15cd9a6b;nat=yes>.
Record-Route: <sip:222.222.222.222;r2=on;lr=on;ftag=15cd9a6b;nat=yes>.
Supported: replaces.
Supported: 100rel.
Allow: INVITE.
Allow: ACK.
Allow: BYE.
Allow: CANCEL.
Allow: OPTIONS.
Allow: NOTIFY.
Allow: REFER.
Allow: PRACK.
Allow: INFO.
Allow: UPDATE.
Allow: MESSAGE.
Contact: <sip:172.20.100.61>.
.
v=0.
o=aculab-01E47801 978780110 978780110 IN IP4 172.20.100.61.
s=-.
c=IN IP4 172.20.100.71.
t=0 0.
m=audio 19488 RTP/AVP 0 101.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-15.


U 2012/04/12 11:08:12.114296 222.222.222.222:5060 -> 217.777.777.777:6623
SIP/2.0 200 Ok.
Via: SIP/2.0/UDP
172.20.100.103:24640;rport=6623;branch=z9hG4bK-d8754z-ecdba29cd4294862-1---d8754z-;received=217.777.777.777.
From: <sip:4horsmann at 222.222.222.222>;tag=15cd9a6b.
To: <sip:kalkbrenner at 222.222.222.222>;tag=ds-71add98e-b2021197.
Call-ID: YmY0ZjcwODUzMjE5YzAzMGU3ZDZlMTdkOGY5NGRjNDQ..
CSeq: 2 INVITE.
Content-Length: 200.
Content-Type: application/sdp.
Record-Route: <sip:172.20.100.74;r2=on;lr=on;ftag=15cd9a6b;nat=yes>.
Record-Route: <sip:222.222.222.222;r2=on;lr=on;ftag=15cd9a6b;nat=yes>.
Supported: replaces.
Supported: 100rel.
Allow: INVITE.
Allow: ACK.
Allow: BYE.
Allow: CANCEL.
Allow: OPTIONS.
Allow: NOTIFY.
Allow: REFER.
Allow: PRACK.
Allow: INFO.
Allow: UPDATE.
Allow: MESSAGE.
Contact: <sip:172.20.100.61>.
.
v=0.
o=aculab-01E47801 978780110 978780110 IN IP4 222.222.222.222.
s=-.
c=IN IP4 222.222.222.222.
t=0 0.
m=audio 51956 RTP/AVP 0 101.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-15.
a=nortpproxy:yes.


U 2012/04/12 11:08:12.221470 217.777.777.777:6623 -> 222.222.222.222:5060
ACK sip:172.20.100.61 SIP/2.0.
Via: SIP/2.0/UDP
172.20.100.103:24640;branch=z9hG4bK-d8754z-a33e18d83b528f25-1---d8754z-;rport.
Max-Forwards: 70.
Route: <sip:222.222.222.222;lr;r2=on;ftag=15cd9a6b;nat=yes>.
Route: <sip:172.20.100.74;r2=on;lr=on;ftag=15cd9a6b;nat=yes>.
Contact: <sip:4horsmann at 172.20.100.103:24640>.
To: <sip:kalkbrenner at 222.222.222.222>;tag=ds-71add98e-b2021197.
##########################################
#!KAMAILIO
#
#
#!substdef "/4COM_EXT_IP/222.222.222.222/"
#!substdef "/4COM_INT_IP/172.20.100.74/"
#!substdef "/4COM_DB_IP/dbdev/"
#
#
#
# Kamailio (OpenSER) SIP Server v3.2 - default configuration script
#     - web: http://www.kamailio.org
#     - git: http://sip-router.org
#
# Direct your questions about this file to: <sr-users at lists.sip-router.org>
#
# Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
# for an explanation of possible statements, functions and parameters.
#
# Several features can be enabled using '#!define WITH_FEATURE' directives:
#
# *** To run in debug mode:
#     - define WITH_DEBUG
#
# *** To enable mysql:
#!define WITH_MYSQL
#
# *** To enable authentication execute:
#     - enable mysql
#!define WITH_AUTH
#     - add users using 'kamctl'
#
# *** To enable IP authentication execute:
#     - enable mysql
#     - enable authentication
#     - define WITH_IPAUTH
#     - add IP addresses with group id '1' to 'address' table
#
# *** To enable persistent user location execute:
#     - enable mysql
#!define WITH_USRLOCDB
#
# *** To enable presence server execute:
#     - enable mysql
#     - define WITH_PRESENCE
#
# *** To enable nat traversal execute:
#!define WITH_NAT
#     - install RTPProxy: http://www.rtpproxy.org
#     - start RTPProxy:
#        rtpproxy -l _your_public_ip_ -s udp:localhost:7722
#
# *** To enable PSTN gateway routing execute:
#     - define WITH_PSTN
#     - set the value of pstn.gw_ip
#     - check route[PSTN] for regexp routing condition
#
# *** To enable database aliases lookup execute:
#     - enable mysql
#     - define WITH_ALIASDB
#
# *** To enable speed dial lookup execute:
#     - enable mysql
#     - define WITH_SPEEDDIAL
#
# *** To enable multi-domain support execute:
#     - enable mysql
#     - define WITH_MULTIDOMAIN
#
# *** To enable TLS support execute:
#     - adjust CFGDIR/tls.cfg as needed
#     - define WITH_TLS
#
# *** To enable XMLRPC support execute:
#     - define WITH_XMLRPC
#     - adjust route[XMLRPC] for access policy
#
# *** To enable anti-flood detection execute:
#     - adjust pike and htable=>ipban settings as needed (default is
#       block if more than 16 requests in 2 seconds and ban for 300 seconds)
#!define WITH_ANTIFLOOD
#
# *** To block 3XX redirect replies execute:
#!define WITH_BLOCK3XX
#
# *** To enable VoiceMail routing execute:
#     - define WITH_VOICEMAIL
#     - set the value of voicemail.srv_ip
#     - adjust the value of voicemail.srv_port
#
# *** To enhance accounting execute:
#     - enable mysql
#     - define WITH_ACCDB
#     - add following columns to database
#!ifdef ACCDB_COMMENT
  ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
  ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default '';
  ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL
DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default '';
  ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL
DEFAULT '';
#!endif


# *** To enable perl execute:
#!define WITH_PERL

#!define WITH_UAC

#  define WITH_DISPATCHER

#  define WITH_SIPTRACE

server_header="Server: Kamailio"
# sip_warning: for production use set it to "0"
sip_warning=1
####### Defined Values #########

# *** Value defines - IDs used later in config
#!ifdef WITH_MYSQL
# - database URL - used to connect to database server by modules such
#       as: auth_db, acc, usrloc, a.s.o.
#!define DBURL "mysql://user:xxxxxx@4COM_DB_IP/kamailio"
#!endif
#!ifdef WITH_MULTIDOMAIN
# - the value for 'use_domain' parameters
#!define MULTIDOMAIN 1
#!else
#!define MULTIDOMAIN 0
#!endif

# - flags
#   FLT_ - per transaction (message) flags
#	FLB_ - per branch flags
#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_NATS 5

#!define FLB_NATB 6
#!define FLB_NATSIPPING 7

####### Global Parameters #########
#
#!ifdef WITH_DEBUG
debug=4
log_stderror=no
#!else
debug=2
log_stderror=no
#!endif

memdbg=5
memlog=5

log_facility=LOG_LOCAL0

fork=yes
children=4

/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes

/* uncomment the next line to disable the auto discovery of local aliases
   based on reverse DNS on IPs (default on) */
auto_aliases=no

/* add local domain aliases */
#alias="sip.mydomain.com"

/* uncomment and configure the following line if you want Kamailio to
   bind on a specific interface/port/proto (default bind on all available) */
#listen=udp:10.0.0.10:5060

listen="4COM_INT_IP" # first interface - must be internal for rtpproxy "i"
listen="4COM_EXT_IP" # second interface - must be external for rtpproxy "e"

/* port to listen to
 * - can be specified more than once if needed to listen on many ports */
port=5060

#!ifdef WITH_TLS
enable_tls=yes
#!endif

# life time of TCP connection when there is no traffic
# - a bit higher than registration expires to cope with UA behind NAT
tcp_connection_lifetime=3605

# 4horsmann 2012-04-02
mhomed=1

####### Modules Section ########

# set paths to location of modules (to sources or installation folders)
#!ifdef WITH_SRCPATH
mpath="modules_k:modules"
#!else
mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/"
#!endif

#!ifdef WITH_MYSQL
loadmodule "db_mysql.so"
#!endif

loadmodule "mi_fifo.so"
loadmodule "kex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "cfg_rpc.so"
loadmodule "mi_rpc.so"
loadmodule "acc.so"
loadmodule "dialog.so"

#!ifdef WITH_SIPTRACE
loadmodule "siptrace.so"
#!endif

#!ifdef WITH_PERL
loadmodule "perl.so"
#!endif

#!ifdef WITH_AUTH
loadmodule "auth.so"
loadmodule "auth_db.so"
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif

#!ifdef WITH_ALIASDB
loadmodule "alias_db.so"
#!endif

#!ifdef WITH_SPEEDDIAL
loadmodule "speeddial.so"
#!endif

#!ifdef WITH_MULTIDOMAIN
loadmodule "domain.so"
#!endif

#!ifdef WITH_PRESENCE
loadmodule "presence.so"
loadmodule "presence_xml.so"
#!endif

#!ifdef WITH_NAT
loadmodule "nathelper.so"
loadmodule "rtpproxy.so"
#!endif

#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif

#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"
#!endif

#!ifdef WITH_XMLRPC
loadmodule "xmlrpc.so"
#!endif

#!ifdef WITH_DEBUG
loadmodule "debugger.so"
#!endif

#!ifdef WITH_UAC
loadmodule "uac.so"
#!endif

#!ifdef WITH_DISPATCHER
loadmodule "dispatcher.so"
#!endif

# ----------------- setting module-specific parameters ---------------

#!ifdef WITH_SIPTRACE
modparam("siptrace", "db_url", DBURL)
modparam("siptrace", "trace_flag", 0)
#!endif

#!ifdef WITH_DISPATCHER
modparam("dispatcher", "db_url", DBURL)
modparam("dispatcher", "flags", 2)
modparam("dispatcher", "dst_avp", "$avp(dsdst)")
modparam("dispatcher", "grp_avp", "$avp(dsgrp)")
modparam("dispatcher", "cnt_avp", "$avp(dscnt)")
#modparam("dispatcher", "dstid_avp", "$avp(dsdstid)")
modparam("dispatcher", "ds_ping_interval", 30)
modparam("dispatcher", "ds_probing_mode", 1)
#!endif

#!ifdef WITH_UAC
modparam("uac", "reg_db_url", DBURL)
modparam("uac", "reg_contact_addr", "4COM_EXT_IP:5060")
#!endif

#!ifdef WITH_PERL
modparam("perl", "filename", "/usr/local/etc/kamailio/perlcdr.pl")
modparam("perl", "modpath", "/usr/local/lib/kamailio/perl/")
#!endif

modparam("htable", "htable", "a=>size=14;autoexpire=86400;")

modparam("dialog", "dlg_flag", 6)
modparam("dialog", "enable_stats", 1)
modparam("dialog", "dlg_match_mode", 1)

# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")


# ----- tm params -----
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 30sec
modparam("tm", "fr_timer", 30000)
# default invite retransmission timeout after 1xx: 120sec
modparam("tm", "fr_inv_timer", 120000)
# 2012-04-03 4horsmann: we are multihomed, so deactivate reparse on dns failover
modparam("tm", "reparse_on_dns_failover", 0)

# ----- rr params -----
# add value to ;lr param to cope with most of the UAs
modparam("rr", "enable_full_lr", 1)
# do not append from tag to the RR (no need for this script)
# 4horsmann - need append_fromtag for module uac
modparam("rr", "append_fromtag", 1)


# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
# max value for expires of registrations
modparam("registrar", "max_expires", 3600)


# ----- acc params -----
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_ack", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direction of the sequential requests.
   if you enable this parameter, be sure to enable "append_fromtag"
   in "rr" module */
modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
modparam("acc", "log_flag", FLT_ACC)
modparam("acc", "log_missed_flag", FLT_ACCMISSED)
modparam("acc", "log_extra",
	"src_user=$fU;src_domain=$fd;src_ip=$si;"
	"dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
/* enhanced DB accounting */
#!ifdef WITH_ACCDB
modparam("acc", "db_flag", FLT_ACC)
modparam("acc", "db_missed_flag", FLT_ACCMISSED)
modparam("acc", "db_url", DBURL)
modparam("acc", "db_extra",
	"src_user=$fU;src_domain=$fd;src_ip=$si;"
	"dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
#!endif


# ----- usrloc params -----
/* enable DB persistency for location entries */
#!ifdef WITH_USRLOCDB
modparam("usrloc", "db_url", DBURL)
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "use_domain", MULTIDOMAIN)
#!endif


# ----- auth_db params -----
#!ifdef WITH_AUTH
modparam("auth_db", "db_url", DBURL)
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "")
modparam("auth_db", "use_domain", MULTIDOMAIN)

# ----- permissions params -----
#!ifdef WITH_IPAUTH
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 1)
#!endif

#!endif


# ----- alias_db params -----
#!ifdef WITH_ALIASDB
modparam("alias_db", "db_url", DBURL)
modparam("alias_db", "use_domain", MULTIDOMAIN)
#!endif


# ----- speedial params -----
#!ifdef WITH_SPEEDDIAL
modparam("speeddial", "db_url", DBURL)
modparam("speeddial", "use_domain", MULTIDOMAIN)
#!endif


# ----- domain params -----
#!ifdef WITH_MULTIDOMAIN
modparam("domain", "db_url", DBURL)
# use caching
modparam("domain", "db_mode", 1)
# register callback to match myself condition with domains list
modparam("domain", "register_myself", 1)
#!endif


#!ifdef WITH_PRESENCE
# ----- presence params -----
modparam("presence", "db_url", DBURL)

# ----- presence_xml params -----
modparam("presence_xml", "db_url", DBURL)
modparam("presence_xml", "force_active", 1)
#!endif


#!ifdef WITH_NAT
# ----- rtpproxy params -----
# modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
modparam("rtpproxy", "rtpproxy_sock", "unix:/home/sys/bin/rtpproxy.sock")
# ----- nathelper params -----
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org")

# params needed for NAT traversal in other modules
modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
modparam("usrloc", "nat_bflag", FLB_NATB)
#!endif


#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
#!endif

#!ifdef WITH_ANTIFLOOD
# ----- pike params -----
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)

# ----- htable params -----
# ip ban htable with autoexpire after 5 minutes
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
#!endif

#!ifdef WITH_XMLRPC
# ----- xmlrpc params -----
modparam("xmlrpc", "route", "XMLRPC");
modparam("xmlrpc", "url_match", "^/RPC")
#!endif

#!ifdef WITH_DEBUG
# ----- debugger params -----
modparam("debugger", "cfgtrace", 1)
#!endif

####### Routing Logic ########


# Main SIP request routing logic
# - processing of any incoming SIP request starts with this route
# - note: this is the same as route { ... }
request_route {


        force_rport(); # 2012-04-02 4horsmann

	if(has_body("application/sdp") && (is_method("ACK") ) )
		xlog("ACK with SDP \n");


        # per request initial checks
	route(REQINIT);

	# NAT detection
	route(NATDETECT);

	if (method == "BYE" || method == "CANCEL")
		unforce_rtp_proxy();

	# handle requests within SIP dialogs
	route(WITHINDLG);

	### only initial requests (no To tag)

	# CANCEL processing
	if (is_method("CANCEL"))
	{
		if (t_check_trans())
			t_relay();
		exit;
	}

	t_check_trans();

	# authentication
	route(AUTH);

	# record routing for dialog forming requests (in case they are routed)
	# - remove preloaded route headers
	remove_hf("Route");
	if (is_method("INVITE|SUBSCRIBE"))
		record_route();

	# account only INVITEs
	if (is_method("INVITE"))
	{
		setflag(FLT_ACC); # do accounting
	}

	# dispatch requests to foreign domains
	route(SIPOUT);

### requests for my local domains

	# handle presence related requests
	route(PRESENCE);

	# handle registrations
	route(REGISTRAR);

	if ($rU==$null)
	{
		# request with no Username in RURI
		sl_send_reply("484","Address Incomplete");
		exit;
	}

	# dispatch destinations to PSTN
	route(PSTN);

	# user location service
	route(LOCATION);

	route(RELAY);

#!ifdef WITH_DISPATCHER
        ds_select_dst("2", "0");
	xlog("DISPATCHER ds_select_dst\n");
	forward();
#!endif
}


route[RELAY] {
	xlog("route RELAY M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
	# enable additional event routes for forwarded requests
	# - serial forking, RTP relaying handling, a.s.o.
	if (is_method("INVITE|SUBSCRIBE")) {
		t_on_branch("MANAGE_BRANCH");
		t_on_reply("MANAGE_REPLY");
	}
	if (is_method("INVITE")) {
		t_on_failure("MANAGE_FAILURE");
	}

	if (!t_relay()) {
		sl_reply_error();
	}
	exit;
}

####
# Per SIP request initial checks
route[REQINIT] {
#!ifdef WITH_ANTIFLOOD
	# flood detection from same IP and traffic ban for a while
	# be sure you exclude checking trusted peers, such as pstn gateways
	# - local host excluded (e.g., loop to self)
	if(src_ip!=myself)
	{
		if($sht(ipban=>$si)!=$null)
		{
			# ip is already blocked
			xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
			exit;
		}
		if (!pike_check_req())
		{
			xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
			$sht(ipban=>$si) = 1;
			exit;
		}
	}
#!endif

	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		exit;
	}

	if(!sanity_check("1511", "7"))
	{
		xlog("Malformed SIP message from $si:$sp\n");
		exit;
	}
}

# Handle requests within SIP dialogs
route[WITHINDLG] {
	if (has_totag()) {
		# sequential request within a dialog should
		# take the path determined by record-routing
		if (loose_route()) {


			if (is_method("BYE")) {
				setflag(FLT_ACC); # do accounting ...
				setflag(FLT_ACCFAILED); # ... even if the transaction fails
			}
			if (is_method("ACK") ) {

				# ACK is forwarded statelessly
				if(has_body("application/sdp")) {
					xlog("ACK with SDP routed NATMANAGE\n");
				} else {
					xlog("ACK routed to NATMANAGE\n");
				}

				route(NATMANAGE);
			}
			route(RELAY);
		} else {
			if (is_method("SUBSCRIBE") && uri == myself) {
				# in-dialog subscribe requests
				route(PRESENCE);
				exit;
			}
			if (is_method("ACK") ) {
				if ( t_check_trans() ) {
					# no loose-route, but stateful ACK;
					# must be an ACK after a 487
					# or e.g. 404 from upstream server
					xlog("ACK stateful\n");
					t_relay();
					exit;
				} else {
					# ACK without matching transaction ... ignore and discard
					xlog("ACK without matching transaction - ignore and discard M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
					exit;
				}
			}
			sl_send_reply("404","Not here");
		}
		exit;
	}
}

# Handle SIP registrations
route[REGISTRAR] {
	if (is_method("REGISTER"))
	{
		if(isflagset(FLT_NATS))
		{
			setbflag(FLB_NATB);
			# uncomment next line to do SIP NAT pinging
			## setbflag(FLB_NATSIPPING);
		}
		if (!save("location"))
			sl_reply_error();

		exit;
	}
}

# USER location service
route[LOCATION] {

#!ifdef WITH_SPEEDDIAL
	# search for short dialing - 2-digit extension
	if($rU=~"^[0-9][0-9]$")
		if(sd_lookup("speed_dial"))
			route(SIPOUT);
#!endif

#!ifdef WITH_ALIASDB
	# search in DB-based aliases
	if(alias_db_lookup("dbaliases"))
		route(SIPOUT);
#!endif

	$avp(oexten) = $rU;
	if (!lookup("location")) {
		$var(rc) = $rc;
		route(TOVOICEMAIL);
		t_newtran();
		switch ($var(rc)) {
			case -1:
			case -3:
				send_reply("404", "Not Found");
				exit;
			case -2:
				send_reply("405", "Method Not Allowed");
				exit;
		}
	}

	# when routing via usrloc, log the missed calls also
	if (is_method("INVITE"))
	{
		setflag(FLT_ACCMISSED);
	}
}

# Presence server route
route[PRESENCE] {
	if(!is_method("PUBLISH|SUBSCRIBE"))
		return;

#!ifdef WITH_PRESENCE
	if (!t_newtran())
	{
		sl_reply_error();
		exit;
	};

	if(is_method("PUBLISH"))
	{
		handle_publish();
		t_release();
	}
	else
	if( is_method("SUBSCRIBE"))
	{
		handle_subscribe();
		t_release();
	}
	exit;
#!endif
	
	# if presence enabled, this part will not be executed
	if (is_method("PUBLISH") || $rU==$null)
	{
		sl_send_reply("404", "Not here");
		exit;
	}
	return;
}

# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH
	if (is_method("REGISTER"))
	{
		# authenticate the REGISTER requests (uncomment to enable auth)
		if (!www_authorize("$td", "subscriber"))
		{
			www_challenge("$td", "0");
			exit;
		}

		if ($au!=$tU)
		{
			sl_send_reply("403","Forbidden auth ID");
			exit;
		}
	} else {

#!ifdef WITH_IPAUTH
		if(allow_source_address())
		{
			# source IP allowed
			return;
		}
#!endif

		# authenticate if from local subscriber
		if (from_uri==myself)
		{
			if (!proxy_authorize("$fd", "subscriber")) {
				proxy_challenge("$fd", "0");
				exit;
			}
			if (is_method("PUBLISH"))
			{
				if ($au!=$fU || $au!=$tU) {
					sl_send_reply("403","Forbidden auth ID");
					exit;
				}
				if ($au!=$rU) {
					sl_send_reply("403","Forbidden R-URI");
					exit;
				}
#!ifdef WITH_MULTIDOMAIN
				if ($fd!=$rd) {
					sl_send_reply("403","Forbidden R-URI domain");
					exit;
				}
#!endif
			} else {
				if ($au!=$fU) {
					sl_send_reply("403","Forbidden auth ID");
					exit;
				}
			}

			consume_credentials();
			# caller authenticated
		} else {
			# caller is not local subscriber, then check if it calls
			# a local destination, otherwise deny, not an open relay here
			if (!uri==myself)
			{
				sl_send_reply("403","Not relaying");
				exit;
			}
		}
	}
#!endif
	return;
}

# Caller NAT detection route
route[NATDETECT] {
#!ifdef WITH_NAT
        xlog("NATDETECT! M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
	force_rport();
	if (nat_uac_test("19")) {
		if (is_method("REGISTER")) {
			xlog ("NATDETECT-2 fix nated register M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
			fix_nated_register();
		} else {
			xlog ("NATDETECT-3 fix nated contact M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
			fix_nated_contact();
		}
		setflag(FLT_NATS);
	}
#!endif
	return;
}

# RTPProxy control
route[NATMANAGE] {
#!ifdef WITH_NAT
        xlog("NATMANAGE M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
        if (is_request()) {
                if(has_totag()) {
                        if(check_route_param("nat=yes")) {
                                setbflag(FLB_NATB);
                        }
                }
        }

        if (isbflagset(FLB_NATB))
                return;

        if (dst_ip == 222.222.222.222) {
                xlog("rtpproxy_manage extern zu intern\n");
                rtpproxy_manage("OCFEI","172.20.10.74");

                } else {
                xlog("rtpproxy_manage intern zu extern\n");
                rtpproxy_manage("OCFIE","222.222.222.222");
        }

        if (is_request()) {
                if (!has_totag()) {
                        add_rr_param(";nat=yes");
                }
        }
        if (is_reply()) {
               if(isbflagset(FLB_NATB)) {
                        fix_nated_contact();
                }
        }
#!endif
        return;
}

# RTPProxy control
route[NATMANAGEFOOBAR] {
#!ifdef WITH_NAT
        xlog("NATMANAGE M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
        if (is_request()) {
                if(has_totag()) {
                        if(check_route_param("nat=yes")) {
                                setbflag(FLB_NATB);
                        }
                }
        }

        if (isbflagset(FLB_NATB))
                return;

         xlog("rtpproxy_manage \n");
         rtpproxy_manage();


        if (is_request()) {
                if (!has_totag()) {
                        add_rr_param(";nat=yes");
                }
        }
        if (is_reply()) {
                if(isbflagset(FLB_NATB)) {
                        fix_nated_contact();
                }
        }
#!endif
        return;
}

# Routing to foreign domains
route[SIPOUT] {
	if (!uri==myself)
	{
		append_hf("P-hint: outbound\r\n");
		route(RELAY);
	}
}

# PSTN GW routing
route[PSTN] {
#!ifdef WITH_PSTN
	# check if PSTN GW IP is defined
	if (strempty($sel(cfg_get.pstn.gw_ip))) {
		xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not defined\n");
		return;
	}

	# route to PSTN dialed numbers starting with '+' or '00'
	#     (international format)
	# - update the condition to match your dialing rules for PSTN routing
	if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
		return;

	# only local users allowed to call
	if(from_uri!=myself) {
		sl_send_reply("403", "Not Allowed");
		exit;
	}

	$ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);

	route(RELAY);
	exit;
#!endif

	return;
}

# XMLRPC routing
#!ifdef WITH_XMLRPC
route[XMLRPC] {
	# allow XMLRPC from localhost
	if ((method=="POST" || method=="GET")
			&& (src_ip==127.0.0.1)) {
		# close connection only for xmlrpclib user agents (there is a bug in
		# xmlrpclib: it waits for EOF before interpreting the response).
		if ($hdr(User-Agent) =~ "xmlrpclib")
			set_reply_close();
		set_reply_no_connect();
		dispatch_rpc();
		exit;
	}
	send_reply("403", "Forbidden");
	exit;
}
#!endif

# route to voicemail server
route[TOVOICEMAIL] {
#!ifdef WITH_VOICEMAIL
	if(!is_method("INVITE"))
		return;

	# check if VoiceMail server IP is defined
	if (strempty($sel(cfg_get.voicemail.srv_ip))) {
		xlog("SCRIPT: VoiceMail rotuing enabled but IP not defined\n");
		return;
	}
	if($avp(oexten)==$null)
		return;

	$ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip)
				+ $sel(cfg_get.voicemail.srv_port);
	route(RELAY);
	exit;
#!endif

	return;
}

# manage outgoing branches
branch_route[MANAGE_BRANCH] {
	xdbg("new branch [$T_branch_idx] to $ru\n");
	route(NATMANAGE);
}

# manage incoming replies
onreply_route[MANAGE_REPLY] {
	xdbg("incoming reply\n");
	if(status=~"[12][0-9][0-9]")
		route(NATMANAGE);
}

# manage failure routing cases
failure_route[MANAGE_FAILURE] {
	route(NATMANAGE);

	if (t_is_canceled()) {
		exit;
	}

#!ifdef WITH_BLOCK3XX
	# block call redirect based on 3xx replies.
	if (t_check_status("3[0-9][0-9]")) {
		t_reply("404","Not found");
		exit;
	}
#!endif

#!ifdef WITH_VOICEMAIL
	# serial forking
	# - route to voicemail on busy or no answer (timeout)
	if (t_check_status("486|408")) {
		route(TOVOICEMAIL);
		exit;
	}
#!endif

}




-- 
Kind regards
*Karsten Horsmann*
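
A check for the symptom in the subject line, added here as an example (it is not part of the original post or of Kamailio): it reads ngrep-style output, looks only at packets the proxy sends from its public address to a destination outside RFC 1918 space, and reports private addresses left in `Contact` or in the SDP `o=`/`c=` lines. The two sample packets are abridged from the trace in the post; the function names are hypothetical.

```python
import ipaddress
import re

# Explicit RFC 1918 ranges. ipaddress.is_private is not used because it also
# covers documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ngrep packet banner: "U <date> <time> src:port -> dst:port"
PACKET_RE = re.compile(r"^[UT] \S+ \S+ (\S+):(\d+) -> (\S+):(\d+)")
HOST_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d)")
HDR_RE = re.compile(r"(?i)^(contact|m)\s*:")   # Contact and its compact form
SDP_RE = re.compile(r"^([co])=")               # SDP origin and connection lines

# Abridged from the two 200 OK packets in the trace in the post.
SAMPLE = """\
U 2012/04/12 11:08:12.113633 172.20.100.61:5060 -> 172.20.100.74:5060
SIP/2.0 200 Ok.
CSeq: 2 INVITE.
Content-Type: application/sdp.
Contact: <sip:172.20.100.61>.
.
v=0.
o=aculab-01E47801 978780110 978780110 IN IP4 172.20.100.61.
c=IN IP4 172.20.100.71.
m=audio 19488 RTP/AVP 0 101.

U 2012/04/12 11:08:12.114296 222.222.222.222:5060 -> 217.777.777.777:6623
SIP/2.0 200 Ok.
CSeq: 2 INVITE.
Content-Type: application/sdp.
Contact: <sip:172.20.100.61>.
.
v=0.
o=aculab-01E47801 978780110 978780110 IN IP4 222.222.222.222.
c=IN IP4 222.222.222.222.
m=audio 51956 RTP/AVP 0 101.
a=nortpproxy:yes.
"""


def is_rfc1918(host):
    """True for a valid IPv4 address in private space. Anonymised values that
    do not parse (217.777.777.777 in the post) count as not private."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def split_packets(trace):
    """Split ngrep text output into packets with source, destination and lines."""
    packets = []
    for line in trace.splitlines():
        m = PACKET_RE.match(line)
        if m:
            packets.append({"src": m.group(1), "dst": m.group(3), "lines": []})
        elif packets:
            packets[-1]["lines"].append(line)
    return packets


def proxy_leaks(trace, proxy_public_ip):
    """Return (destination, field, address) for every private address the proxy
    sent in Contact or SDP o=/c= to a destination outside RFC 1918 space."""
    findings = []
    for pkt in split_packets(trace):
        if pkt["src"] != proxy_public_ip or is_rfc1918(pkt["dst"]):
            continue  # not emitted by the proxy, or stays on the internal leg
        in_body = False
        for line in pkt["lines"]:
            if line == ".":        # ngrep shows the empty CRLF line as "."
                in_body = True
                continue
            if line.endswith("."):  # trailing "." is the printed CR
                line = line[:-1]
            m = SDP_RE.match(line) if in_body else HDR_RE.match(line)
            if not m:
                continue
            field = "SDP " + m.group(1) + "=" if in_body else "Contact"
            for host in HOST_RE.findall(line):
                if is_rfc1918(host):
                    findings.append((pkt["dst"], field, host))
    return findings


if __name__ == "__main__":
    for dst, field, host in proxy_leaks(SAMPLE, "222.222.222.222"):
        print(f"to {dst}: {field} still carries private address {host}")
```
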


