debug=2 log_stderror=yes log_facility=LOG_LOCAL0 fork=yes children=4 #debug=6 #fork=no #log_stderror=yes #disable_tcp=yes #disable_dns_blacklist=no #dns_try_ipv6=yes #auto_aliases=no #disable_tls = no #listen = tls:your_IP:5061 #tls_verify_server = 1 #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method = TLSv1 #tls_certificate = "//etc/openser/tls/user/user-cert.pem" #tls_private_key = "//etc/openser/tls/user/user-privkey.pem" #tls_ca_list = "//etc/openser/tls/user/user-calist.pem" port=5060 /* uncomment and configure the following line if you want openser to bind on a specific interface/port/proto (default bind on all available) */ #listen=udp:192.168.1.2:5060 alias=ttnnet.it alias=multivoce.it alias=voip.tn.it ####### Modules Section ######## #set module path mpath="//lib/openser/modules/" /* uncomment next line for MySQL DB support */ #loadmodule "mysql.so" loadmodule "postgres.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "mi_fifo.so" loadmodule "uri_db.so" loadmodule "uri.so" loadmodule "xlog.so" loadmodule "acc.so" loadmodule "auth.so" loadmodule "auth_db.so" loadmodule "alias_db.so" loadmodule "domain.so" #loadmodule "presence.so" #loadmodule "presence_xml.so" loadmodule "lcr.so" loadmodule "avpops.so" loadmodule "pdt.so" loadmodule "permissions.so" # ----------------- setting module-specific parameters --------------- # ----- mi_fifo params ----- modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo") #modparam("mi_fifo", "fifo_mode", 0600) #modparam("mi_fifo", "fifo_user", 0) #modparam("mi_fifo", "fifo_user", "openser") #modparam("mi_fifo", "reply_dir", "/tmp/") #modparam("mi_fifo", "reply_indent", "/tmp/openser_replay") # ----- rr params ----- # add value to ;lr param to cope with most of the UAs modparam("rr", "enable_full_lr", 1) # do not append from tag to the RR (no need for this script) modparam("rr", "append_fromtag", 0) # ----- rr params ----- modparam("registrar", "method_filtering", 1) # modparam("registrar", "append_branches", 0) #modparam("registrar", "max_contacts", 10) # ----- uri_db params ----- modparam("uri_db", "use_uri_table", 0) modparam("uri_db", "db_url", "postgres://openser:openserrw@localhost/openser") # ----- acc params ----- modparam("acc", "db_url", "postgres://openser:openserrw@localhost/openser") /* what sepcial events should be accounted ? */ modparam("acc", "early_media", 1) modparam("acc", "report_ack", 1) modparam("acc", "report_cancels", 1) modparam("acc", "detect_direction", 0) modparam("acc", "failed_transaction_flag", 3) modparam("acc", "log_flag", 1) modparam("acc", "log_missed_flag", 2) modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 2) modparam("acc", "db_extra", "from_uri=$fu ; to_uri=$tu ; from_user=$fU; source_ip=$si") # ----- usrloc params ----- modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "postgres://openser:openserrw@localhost/openser") # ----- auth_db params ----- modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("auth_db", "db_url", "postgres://openser:openserrw@localhost/openser") modparam("auth_db", "load_credentials", "") # ----- alias_db params ----- modparam("alias_db", "db_url", "postgres://openser:openserrw@localhost/openser") # ----- domain params ----- modparam("domain", "db_url", "postgres://openser:openserrw@localhost/openser") modparam("domain", "db_mode", 1) # Use caching # ----- multi-module params ----- modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1) # ----- presence params ----- /* uncomment the following lines if you want to enable presence */ #modparam("presence|presence_xml", "db_url", # "mysql://openser:openserrw@localhost/openser") #modparam("presence_xml", "force_active", 1) #modparam("presence", "server_address", "sip:192.168.1.2:5060") # ----- avpops param ----- modparam("avpops","avp_url","postgres://openser:openserrw@localhost/openser") modparam("avpops","avp_table","avptable") modparam("avpops","avp_table","usr_preferences") modparam("avpops","use_domain",1) modparam("avpops","uuid_column","uuid") modparam("avpops","username_column","username") modparam("avpops","domain_column","domain") modparam("avpops","attribute_column","attribute") modparam("avpops","value_column","value") modparam("avpops","type_column","type") # ----- lcr params ----- modparam("lcr","db_url","postgres://openser:openserrw@localhost/openser") modparam("lcr","fr_inv_timer",90) modparam("lcr","fr_inv_timer_next",30) modparam("lcr", "dm_flag", 25) modparam("lcr", "ruri_user_avp", "$avp(i:500)") modparam("^auth$|lcr", "rpid_avp", "$avp(i:302)") modparam("lcr", "gw_uri_avp", "$avp(i:709)") modparam("lcr|tm", "fr_inv_timer_avp", "$avp(i:704)") modparam("lcr", "contact_avp", "$avp(i:711)") # ------- PDT ---------- modparam("pdt", "db_url", "postgres://openser:openserrw@localhost/openser") modparam("pdt", "db_table", "pdt") modparam("pdt", "domain_column", "source_domain") modparam("pdt", "prefix_column", "prefix") modparam("pdt", "domain_column", "domain") # ---------- permission ------------- modparam("permissions", "db_url", "postgres://openser:openserrw@localhost/openser") modparam("permissions", "db_mode", 1) modparam("permissions", "trusted_table", "trusted") modparam("permissions", "allow_suffix", ".allow") modparam("permissions", "deny_suffix", ".deny") ####### Routing Logic ######## # main request routing logic route{ # Sanity check controllo numero hop e lunghezza pacchetto if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; } if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # Controllo se i pacchetti facciano parte di una transazione gia esistente if (!is_uri_host_local()) { sl_send_reply("503", "Service not available"); exit; }; if (has_totag()) { # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { if (is_method("BYE")) { setflag(1); # do accouting ... setflag(3); # ... even if the transaction fails } route(1); } else { if ( is_method("ACK") ) { if ( t_check_trans() ) { # non loose-route, but stateful ACK; # must be an ACK after a 487 or e.g. 404 from upstream server t_relay(); exit; } else { # ACK without matching transaction ... ignore and discard.\n"); exit; } } sl_send_reply("404","Not here"); } exit; } # Da qui inizia la logica di processamento per messaggi di nuove transazioni # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) t_relay(); exit; } t_check_trans(); # record routing if (!is_method("REGISTER|MESSAGE")) record_route(); #if ($rU==NULL) { # # richiesta con il campo Username nella RURI vuoto # sl_send_reply("484","Address Incomplete"); # exit; #} # ---- Inizio della logica a blocchi ----- if (is_method("REGISTER")){ route(3); } else { route(4); }; } route[1] { # Rotta finale x INVITEs processati tramite lookup location if (is_method("INVITE")) { t_on_branch("2"); t_on_reply("2"); t_on_failure("1"); } if (!t_relay()) { sl_reply_error(); }; exit; } route[2] { # Rotta finale x INVITEs processati tramite modulo LCR if (is_method("INVITE")) { t_on_branch("2"); t_on_reply("2"); t_on_failure("2"); } if (!t_relay()) { sl_reply_error(); }; exit; } route[3] { # Rotta dei Messaggi REGISTER if (is_from_local()) { if (!www_authorize("", "subscriber")) { www_challenge("", "1"); exit; }; # il commento permette username nel from diversi dallo username usato x auth #if (!check_to()) { # sl_send_reply("401", "Unauthorized"); # exit; #}; save("location"); exit; } else if { sl_send_reply("401", "Unauthorized"); }; } route[4]{ # Rotta per messaggi differenti da REGISTER #Verifico se l'originatore fa parte della mia rete tramite dominio e trusted IP if (!is_from_local()) { if(!allow_trusted()){ sl_send_reply("401", "Unauthorized"); exit; } } if (is_method("INVITE")) { setflag(1); # accouting - salvo l'INVITE nel database } # Salvo il r-uri originale $avp(s:called_dd) = $ruri ; $avp(s:called_usr) = $tU ; # Decido la prossima rotta in base se la r-uri รจ numerica o alfabetica if (uri=~"^sip:[0-9]+@voip.tn.it"){ append_hf("P-hint: Route 4 - r-uri numerico \r\n"); route(5); } else { append_hf("P-hint: Route 4 - r-uri alfabetico \r\n"); route(6); }; } route[5]{ # Rotta x richieste numeriche xlog("Route 5 - Rotta x richieste numeriche \n"); if (!proxy_authorize("","subscriber")) { proxy_challenge("","1"); exit; } consume_credentials(); # elimino info auth prefix2domain("2", "2"); # conversione del dominio basata su prefisso $avp(s:called_dd) = $ruri ; xlog("Route 5 - Richieste x $ruri \n"); #Decido la prossima rotta in base al dominio if ( $rd == "voip.tn.it"){ append_hf("P-hint: Route 5 - Inbound -> Outbound \r\n"); route(7); # Chiamta tramite LCR } else { append_hf("P-hint: Route 6 - Inbound -> Inbound \r\n"); if (allow_routing("permissions")){ route(8); # Chiamata tra interdomini permessa } else { route (7); # Eseguo cmq la chiamata tramite GW LCR }; }; } route[6]{ # Rotta per richeste alfabetiche xlog("Route 6 - Rotta x richieste alfa \n"); #Non accetto richieste alfabetiche per il dominio host. if ( $rd == "voip.tn.it"){ sl_send_reply("404", "Not Found"); exit; } append_hf("P-hint: Route 6 - Inbound -> Inbound \r\n"); route(8); } route[7] { # Rotta x chiamate OUTBOUND xlog("Route 7 - Rotta x chiamate OUTBOUND \n"); #route(10); # Togliere il commento se si vuole mandare 404 al PBX #exit; # Carico con il modulo LCR i gateway if (!load_gws()) { sl_send_reply("503", "Unable to load gateways"); exit; } if(!next_gw()){ sl_send_reply("503", "Unable to find a gateway"); exit; } append_hf("P-hint: Route 7 - LCR Applicata \r\n"); route(2); exit; } route[8] { # rotta per chiamate INBOUND xlog("Route 8 - Rotta x chiamate INBOUND \n"); # Carico da avp table il radicale basandomi sul dominio del campo to if(!avp_db_load("$avp(s:called_dd)/domain","*")){ sl_send_reply("404", "Not Found"); exit; } # Riscrivo il campo to con il radicale if(!avp_pushto("$ru","$avp(s:cli)")){ sl_send_reply("404", "Not Found"); exit; } # Eseguo la lookup alias e la lookup location alias_db_lookup("dbaliases"); if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; # Riscrivo lo username del campo to originale if(!avp_pushto("$ru/username","$avp(s:called_usr)")){ sl_send_reply("404", "Not Found"); exit; } setflag(2); append_hf("P-hint: Risultato Finale route 8 \r\n"); xlog("Route 8 - Chiama $ruri \n"); route(1); } route[10]{ # rotta generica per messaggio 404 not found (sostituzione LCR) xlog(" $ru not found \n"); sl_send_reply("404", "Not Found"); exit; } branch_route[2] { xlog("new branch at $ru\n"); } onreply_route[2] { xlog("incoming reply\n"); } failure_route[1] { if (t_was_cancelled()) { exit; } } failure_route[2] { if(!next_gw()) { t_reply("503", "Service not available, no more gateways"); exit; } t_on_failure("2"); t_relay(); }