[OpenSER-Users] Radius accounting and Dialog

David Villasmil david.villasmil.work at gmail.com
Fri Jun 13 17:47:06 CEST 2008


the script didn't fit, here it is:

#
# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
#
# simple quick-start config script
# Please refer to the Core CookBook at
http://www.openser.org/dokuwiki/doku.php
# for a explanation of possible statements, functions and parameters.
#

# ----------- global configuration parameters ------------------------

debug=3            # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no    # (cmd line: -E)
children=10
port=5060
listen=MY.OPENSER.IP.COM
disable_dns_blacklist=true

# ------------------ module loading ----------------------------------
#set module path
mpath="//lib/openser/modules/"

# Uncomment this if you want to use SQL database
#loadmodule "mysql.so"

loadmodule "mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "uri.so"
loadmodule "uri_db.so"
loadmodule "domain.so"
loadmodule "permissions.so"
#loadmodule "group.so"
loadmodule "mi_fifo.so"
loadmodule "lcr.so"
loadmodule "avpops.so"
loadmodule "xlog.so"
loadmodule "mediaproxy.so"
loadmodule "acc.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "auth.so"
loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

modparam("registrar", "received_avp", "$avp(i:42)")

modparam("usrloc", "db_mode", 2)
modparam("usrloc", "nat_bflag", 4)

modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")

modparam("rr", "enable_full_lr", 1)

#modparam("auth_db|permissions|uri_db|usrloc","db_url","mysql://openser:openserrw@localhost
/openser")
modparam("auth_db|permissions|usrloc|uri_db|domain|lcr|avpops|avp_url","db_url","mysql://openser:password@localhost
/openser")

modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")

modparam("avpops", "avp_table", "usr_preferences")

modparam("mediaproxy","natping_interval",20)
modparam("mediaproxy","mediaproxy_socket",
"/var/run/mediaproxy/mediaproxy.sock")
modparam("mediaproxy","sip_asymmetrics","/etc/openser/sip-clients")
modparam("mediaproxy","rtp_asymmetrics","/ect/openser/rtp-clients")

modparam("lcr", "contact_avp", "$avp(i:711)")
modparam("lcr|tm", "fr_inv_timer_avp", "$avp(i:704)")
modparam("lcr", "gw_uri_avp", "$avp(i:709)")
modparam("^auth$|lcr", "rpid_avp", "$avp(i:302)")
modparam("lcr", "ruri_user_avp", "$avp(i:500)")
modparam("lcr", "dm_flag", 25)

modparam("acc", "radius_config",
"/etc/radiusclient-ng/radiusclient.conf")
modparam("acc", "radius_flag",        2)
modparam("acc", "radius_missed_flag", 3)
modparam("acc", "radius_extra",
"User-Name=$Au;Calling-Station-Id=$from;Called-Station-Id=$to;Sip-Translated-Request-URI=$ruri;Sip-RPid=$avp(s:rpid);Source-IP=$si;Source-Port=$sp;Canonical-URI=$avp(s:can_uri);Billing-Party=$avp(s:billing_party);Divert-Reason=$avp(s:divert_reason);X-RTP-Stat=$hdr(X-RTP-Stat);Contact=$hdr(contact);Event=$hdr(event);SIP-Proxy-IP=$avp(s:sip_proxy_ip);ENUM-TLD=$avp(s:enum_tld)")
# -------------------------  request routing logic -------------------

# main routing logic

route{

    #
    # -- 1 -- Request Validation
    #
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };

    if (msg:len >=  2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    #
    # -- 2 -- Routing Preprocessing
    #
    ## Record-route all except Register
    ## Mark packets with nat=yes
    ## This mark will be used to identify the request in the loose
    ## route section
    if(!is_method("REGISTER")){
        record_route(";nat=yes");
    };

    ##Loose_route packets
    if (has_totag()) {
            #sequential request withing a dialog should
            # take the path determined by record-routing
            if (loose_route()) {
               if(method=="BYE") {
                   #Account BYE transactions
                   setflag(2);
               };

                #Check authentication of re-invites
                if(method=="INVITE" && (!allow_trusted())) {
                    if (!proxy_authorize("","subscriber")) {
                    proxy_challenge("","1");
                    exit;
                } else if (!check_from()) {
                    sl_send_reply("403", "Forbidden, use From=ID");
                    exit;
                };
            };
            if(method=="BYE" || method=="CANCEL") {
                end_media_session();
            };

            ##Detect requests in the dialog behind NAT and flag with 6
            route(1);
        } else {
            sl_send_reply("404","Not here");
        }
        exit;
    }

    #CANCEL processing
    if (is_method("CANCEL")) {
        if (t_check_trans()) {
            end_media_session();
            t_relay();
        };
        exit;
    }

    t_check_trans();
    #
    # -- 3 -- Determine Request Target
    #
    if (method=="REGISTER") {
        route(2);
    } else {
        route(3);
    };
}


route[1] {
    #
    # -- 4 -- Forward request to target
    #
    # Forward statefully
    t_on_reply("1");
    t_on_failure("1");
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}

route[2] {
    ## Register request handler
    if (is_uri_host_local()) {
        if (!www_authorize("", "subscriber")) {
            www_challenge("", "1");
            exit;
        };

        if (!check_to()) {
            sl_send_reply("403", "Forbidden");
            exit;
        };

        setbflag(6);
        force_rport();
        save("location");
        exit;

    } else if {

        sl_send_reply("403", "Forbidden");

    };
}

route[3] {
    ## Requests handler

    if (method=="INVITE") {
        # Account INVITE packets
        setflag(2);
        # Account Missed calls
        setflag(3);
        # Radius Extra
        $avp(s:sip_proxy_ip)="MY.OPENSER.IP.COM";
    };

    if (is_from_local()){
        # From an internal domain -> check the credentials and the FROM
        if(!allow_trusted()){
            if (!proxy_authorize("","subscriber")) {
                proxy_challenge("","0");
                exit;
            } else if(!check_from()) {
            sl_send_reply("403", "Forbidden, use From=ID");
            exit;
          };
        };

        #unconditional call forward
        if(avp_db_load("$ru/username","$avp(s:callfwd)")) {
            avp_pushto("$ru", "$avp(s:callfwd)");
            route(1);
            exit;
        }

        consume_credentials();

        #verify aliases, if found replace R-URI.
        lookup("aliases");

        if (is_uri_host_local()) {
            # -- Inbound to Inbound
            xlog("L_INFO","OPENSER: INBOUND -> INBOUND ($tU)");
            route(10);
        } else {
            # -- Inbound to outbound
            xlog("L_INFO","OPENSER: INBOUND -> OUTBOUND ($tU)");
            route(11);
        };

    } else {

        #From an external domain ->do not check credentials
        #Verify aliases, if found replace R-URI.
        lookup("aliases");
            if (is_uri_host_local()) {
                xlog("L_INFO","OPENSER: OUTBOUND -> INBOUND ($tU)");
                #-- Outbound to inbound
                route(12);
            } else {
                xlog("L_INFO","OPENSER: OUTBOUND -> OUTBOUND ($tU)");
                # -- Outbound to outbound
                route(13);
            };
    };
}

route[4] {
    # routing to the public network
    if (!load_gws()) {
        sl_send_reply("503", "Unable to load gateways");
        exit;
    }

    if(!next_gw()){
        sl_send_reply("503", "Unable to find a gateway");
     exit;
    }
    t_on_failure("2");
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}

route[6] {
    #
    # -- NAT handling --
    #
    append_hf("P-hint: Route[6]: mediaproxy \r\n");
    use_media_proxy();
}

route[10] {
    #from an internal domain -> inbound
    #Native SIP destinations are handled using the location table
    #Gateway destinations are handled by regular expressions
    append_hf("P-hint: inbound->inbound \r\n");

    xlog("L_INFO","LOOKING FOR: $tU");
    if (uri=~"^sip:55613") {     # ECHO TEST
        xlog("L_INFO","IN ROUTE 613");
        route(6);
        rewritehostport("fwdnat2.pulver.com:5060");
        if (!t_relay()) {
            sl_reply_error();
        };
        exit;
    };

    if (uri=~"^sip:301") {     # ECHO TEST
        route(6);
        rewritehostport("blueface.ie");
        if (!t_relay()) {
            sl_reply_error();
        };
        exit;
    };

#
#    if (uri=~"^sip:1[2-9][0-9]{9}@") {
#        if (is_user_in("credentials","ld")) {
#            strip(1);
#            prefix("+1");
#            route(6);
#            route(4);
#            exit;
#        } else {
#            sl_send_reply("403", "No permissions for long distance");
#            exit;
#        };
#    };
#
#    if (uri=~"^sip:011[0-9]*@") {
#        if (is_user_in("credentials","int")) {
#            strip(3);
#            prefix("+");
#            route(6);
#            route(4);
#            exit;
#        } else {
#            sl_send_reply("403", "No permissions for international calls");
#        };
#    };

    if (!lookup("location")) {
        if (does_uri_exist()) {
            ## User not registered at this time.
            ## Use the IP Address of your e-mail server
            revert_uri();
            prefix("u");
            rewritehostport("192.168.1.171"); #Use the IP address of your
voicemail server
            route(6);
            route(1);
        } else {
            sl_send_reply("404", "Not Found");
         exit;
        }
        sl_send_reply("404", "Not Found");
        exit;
    };
    route(6);
    route(1);
}

route[11] {
     # from an internal domain -> outbound
     # Simply route the call outbound using DNS search
     append_hf("P-hint: inbound->outbound \r\n");
     route(1);
}

route[12] {
     # From an external domain -> inbound
     # Verify aliases, if found replace R-URI.
     lookup("aliases");
     if (!lookup("location")) {
          sl_send_reply("404", "Not Found");
          exit;
     };
     route(1);
}

route[13] {
     #From an external domain outbound
     #we are not accepting these calls
     append_hf("P-hint: outbound->inbound \r\n");
     sl_send_reply("403", "Forbidden");
     exit;
}

failure_route[1] {
    ##--
    ##-- If cancelled, exit.
    ##--
    if (t_was_cancelled()) {
        exit;
    };
    ##--
    ##-- If busy send to the e-mail server, prefix the "b"
    ##-- character to indicate busy.
    ##--
    if (t_check_status("486")) {
        revert_uri();
        prefix("b");
        rewritehostport("192.168.1.171");
        append_branch();
        route(1);
        exit;
    };
    ##--
    ##-- If timeout (408) or unavailable temporarily (480),
    ##-- prefix the uri with the "u"character to indicate
    ##-- unanswered and send to the e-mail
    ##-- sever
    ##--
    if (t_check_status("408") || t_check_status("480")) {
        revert_uri();
        prefix("u");
        rewritehostport("192.168.1.171");
        append_branch();
        route(1);
        exit;
    };
}

failure_route[2] {
    if(!next_gw()) {
        t_reply("503", "Service not available, no more gateways");
        exit;
    };
    t_on_failure("2");
    t_relay();
}


onreply_route[1] {
#
#-- On-replay block routing --
#
    append_hf("P-hint: onreply_route|usemediaproxy \r\n");
    use_media_proxy();
    exit;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20080613/5b778dac/attachment.htm 


More information about the Users mailing list