# FREEPHONET SIP SERVER I
# SER Config File
# named gateway.freephonet.com at ip address 69.60.109.205
# running on a Debian Linux server
#
# ------------- version 0.8.14 --------------------------------------------
# ------------- Initial global variables ----------------------------------
/*
debug=3
fork=yes
log_stderror=no
*/
#listen=69.60.109.205
#listen=127.0.0.1
# hostname matching an alias will satisfy the condition uri==myself".
alias=freephonet.com
alias=69.60.109.205
# dns - Uses dns to check if it is necessary to add a "received=" field
# to a via. Default is no.
# rev_dns - Same as dns but use reverse DNS.
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -r)
port=5060
children=4
# check_via - Turn on or off Via host checking when forwarding replies.
# Default is no. arcane. looks for discrepancy between name and
# ip address when forwarding replies.
check_via=no # (cmd. line: -v)
# syn_branch - Shall the server use stateful synonym branches? It is
# faster but not reboot-safe. Default is yes.
syn_branch=no
# memlog - Debugging level for final memory statistics report.
# Default is L_DBG - memory statistics are dumped
# only if debug is set high.
memlog=3
# sip_warning - Should replies include extensive warnings? By default
# yes, it is good for trouble-shooting.
sip_warning=yes
# fifo - FIFO special file pathname
fifo="/tmp/ser_fifo"
# server_signature - Should locally-generated messages include server's
# signature? By default yes, it is good for
# trouble-shooting.
server_signature=yes
# reply_to_via - A hint to reply modules whether they should send reply
# to IP advertised in Via. Turned off by default, which
# means that replies are sent to IP address from which
# requests came.
reply_to_via=no
# user | uid - uid to be used by the server. 99 = nobody.
#uid="nobody"
# group | gid - gid to be used by the server. 99 = nobody.
#gid="nobody"
# mhomed -- enable calculation of outbound interface; useful on
# multihomed servers.
mhomed=0
# ------------- external module loading --------------------------------------
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/exec.so"
loadmodule "/usr/lib/ser/modules/group.so"
loadmodule "/usr/lib/ser/modules/print.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/uri.so"
# ------------- tm parameters ------------------------------------------------
modparam("tm", "fr_timer", 12) # Timer which hits if no final reply for a
# request or ACK for a negative INVITE
# reply arrives (in seconds).
# Default value is 30 seconds.
modparam("tm", "fr_inv_timer", 24) # Timer which hits if no final reply for an
# INVITE arrives after a provisional message
# was received (in seconds).
# Default value is 120 seconds.
# ------------- rr parameters -------------------------------------------------
# set ";lr" tag to ";lr=true"
modparam("rr", "enable_full_lr", 1) # If set to 1 then ;lr=on instead of just ;lr
# will be used. This is to overcome problems
# with broken UAs which strip ;lr parameter
# when generating Route header fields from
# Record-Route (;lr=on seems to help).
# Default value is 0 (no).
# ------------- accounting parameters -----------------------------------------
modparam("acc", "log_level", 1) # Log level at which accounting messages are
# issued to syslog. Default value is L_NOTICE.
modparam("acc", "log_flag", 1) # Request flag which needs to be set to
# account a transaction. Default value is 1.
modparam("acc", "log_missed_flag", 3) # Request flag which needs to be set to
# account missed calls. Default value is 2.
# ------------- usrloc parameters ---------------------------------------------
# 2 enables write-back to persistent mysql storage for speed
# disable=0, write-through=1
modparam("usrloc", "db_mode", 2)
# minimize write back window - default is 60 seconds
modparam("usrloc", "timer_interval", 10)
# database location
modparam("usrloc", "db_url", "sql://ser:heslo@localhost/ser")
# ------------- auth parameters ----------------------------------------------
# database location
modparam("auth_db", "db_url", "sql://ser:heslo@localhost/ser")
# allows clear text passwords in the mysql database
modparam("auth_db", "calculate_ha1", yes)
# name of password column in mysql database
modparam("auth_db", "password_column", "password")
# ------------- routing logic ------------------------------------------------
route {
# ------------- routine checks --------------------------------------------

# stop forwarding at 10 hops to prevent infinite loops
if (!mf_process_maxfwd_header("10")) {
log(1, "LOG: Too many hops\n");
sl_send_reply("483", "Too many hops");
break;
};

# prevents private ip space from being used
#if (search("^(Contact|m): .*@(192\.168\.|10\.|172\.16)")) {
# if (method=="REGISTER") {
# log(1, "LOG: Someone trying to register from private IP\n");
# sl_send_reply("479", "Please don't use private IP addresses" );
# break;
# };
#};

# separate the destination r-uri from the set of proxies that must be traversed
loose_route();

# if the host portion of the request uri is not local, send it directly
# to route processing.
if (!(uri==myself)) {
route(2);
break;
};

# All REGISTER attempts are processed and must always be authenticated
if (method=="REGISTER") {

# make sure that users don't register infinite loops
if (search("^(Contact|m): .*@(69\.60\.109\.205|(proxy\.)?freephonet\.com)")) {
log(1, "LOG: alert: someone trying to set aor==contact\n");
sl_send_reply("476", "No Server Address in Contacts Allowed" );
break;
};

# challenge/response
if (!www_authorize("freephonet.com", "subscriber")) {
www_challenge("freephonet.com", "0");
break;
};

# only registered users are allowed
if (!is_user("replicator") & !check_to()) {
log(1, "LOG: unregistered user registration attempt\n");
sl_send_reply("403", "Only registered users are allowed");
break;
};

# it is an authenticated request, update Contact database now
if (!save("location")) {
sl_reply_error();
};
break;
};
# process traffic local to freephonet and the PSTN
# Find the canonical username
lookup("aliases");

# check domain again, if it is not still local after the alias
# table lookup, just send it on its way. We do not authenticate
# traffic we forward
if (!(uri=~"^sip:(.+@)?(69\.60\.109\.205|(proxy\.)?freephonet\.com)([:;\?].*)?$")) {
route(5);
break;
};

# now check for destinations through the gateway. 911 and 9911
# are always sent to the gateway. The assumption is that other all
# numeric usernames between 5 and 20 digits are really pstn numbers
# and so they are routed to the gateway
if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") | (uri=~"sip:[0-9]{5,20}@.*") ) {
route(3);
break;
};
# does the user wish redirection on no availability? (i.e., is he
# in the voicemail (ser->grp) group?)
if (is_user_in("Request-URI", "voicemail")) {
t_on_failure("4");
setflag(4);
};

# handle local SIP destinations not found in usrloc db

# mostly offline or non-existent users
if (!lookup("location")) {
route(4);
break;
};

# check whether some inventive user has uploaded gateway
# contacts to usrloc to bypass authorization logic
if (uri=~"@10\.1\.2\.5([;:].*)*" ) {
log(1, "LOG: Gateway address in UsrLoc\n");
route(3);
break;
};

# this flag is used with the acc module to report missed calls
# to syslog.
setflag(3);

# do it (words to live by)
append_hf("P-hint: USRLOC\r\n");
if (!t_relay()) {
sl_reply_error();
break;
};

} /* end of initial routing logic */