####### Routing Logic ########
# Main SIP request routing logic
# - processing of any incoming SIP request starts with this route
route {
# per request initial checks
route(REQINIT);
# NAT detection
route(NAT);
# handle requests within SIP dialogs
route(WITHINDLG);
### only initial requests (no To tag)
# CANCEL processing
if (is_method("CANCEL"))
{
if (t_check_trans())
t_relay();
exit;
}
t_check_trans();
# authentication
route(AUTH);
# record routing for dialog forming requests (in case they
are routed)
# - remove preloaded route headers
remove_hf("Route");
if (is_method("INVITE|SUBSCRIBE")
)
record_route();
# account only INVITEs
if (is_method("INVITE"))
{
setflag(FLT_ACC); # do accounting
}
# dispatch requests to foreign domains
route(SIPOUT);
### requests for my local domains
# handle presence related requests
route(PRESENCE);
# handle registrations
route(REGISTRAR);
if ($rU==$null)
{
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
#!ifdef WITH_FREESWITCH
# save callee ID
$avp(callee) = $rU;
route(FSDISPATCH);
#!endif
# user location service
route(LOCATION);
route(RELAY);
}
route[RELAY] {
#!ifdef WITH_NAT
if (check_route_param("nat=yes")) {
setbflag(FLB_NATB);
}
if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
route(RTPPROXY);
}
#!endif
#!ifdef WITH_CFGSAMPLES
/* example how to enable some additional event routes */
if (is_method("INVITE")) {
#t_on_branch("BRANCH_ONE");
t_on_reply("REPLY_ONE");
t_on_failure("FAIL_ONE");
}
#!endif
if (!t_relay()) {
sl_reply_error();
}
exit;
}
# Per SIP request initial checks
route[REQINIT] {
#!ifdef WITH_ANTIFLOOD
# flood dection from same IP and traffic ban for a while
# be sure you exclude checking trusted peers, such as
pstn gateways
# - local host excluded (e.g., loop to self)
if(src_ip!=myself)
{
if($sht(ipban=>$si)!=$null)
{
# ip is already blocked
xdbg("request from blocked IP - $rm from
$fu (IP:$si:$sp)\n");
exit;
}
if (!pike_check_req())
{
xlog("L_ALERT","ALERT: pike blocking $rm
from $fu (IP:$si:$sp)\n");
$sht(ipban=>$si) = 1;
exit;
}
}
#!endif
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if(!sanity_check("1511", "7"))
{
xlog("Malformed SIP message from $si:$sp\n");
exit;
}
}
# Handle requests within SIP dialogs
route[WITHINDLG] {
if (has_totag()) {
# sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
if (is_method("BYE")) {
setflag(FLT_ACC); # do
accounting ...
setflag(FLT_ACCFAILED); # ...
even if the transaction fails
}
route(RELAY);
} else {
if (is_method("SUBSCRIBE") &&
uri == myself) {
# in-dialog subscribe requests
route(PRESENCE);
exit;
}
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# no loose-route, but
stateful ACK;
# must be an ACK after a
487
# or e.g. 404 from
upstream server
t_relay();
exit;
} else {
# ACK without matching
transaction ... ignore and discard
exit;
}
}
sl_send_reply("404","Not here");
}
exit;
}
}
# Handle SIP registrations
route[REGISTRAR] {
if (is_method("REGISTER"))
{
if(isflagset(FLT_NATS))
{
setbflag(FLB_NATB);
# uncomment next line to do SIP NAT
pinging
## setbflag(FLB_NATSIPPING);
}
if (!save("location"))
sl_reply_error();
exit;
}
}
# USER location service
route[LOCATION] {
#!ifdef WITH_ALIASDB
# search in DB-based aliases
alias_db_lookup("dbaliases");
#!endif
if (!lookup("location")) {
switch ($rc) {
case -1:
case -3:
t_newtran();
t_reply("404", "Not Found");
exit;
case -2:
sl_send_reply("405", "Method Not
Allowed");
exit;
}
}
# when routing via usrloc, log the missed calls also
if (is_method("INVITE"))
{
setflag(FLT_ACCMISSED);
}
}
# Presence server route
route[PRESENCE] {
if(!is_method("PUBLISH|SUBSCRIBE"))
return;
#!ifdef WITH_PRESENCE
if (!t_newtran())
{
sl_reply_error();
exit;
};
if(is_method("PUBLISH"))
{
handle_publish();
t_release();
}
else
if( is_method("SUBSCRIBE"))
{
handle_subscribe();
t_release();
}
exit;
#!endif
# if presence enabled, this part will not be executed
if (is_method("PUBLISH") || $rU==$null)
{
sl_send_reply("404", "Not here");
exit;
}
return;
}
# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH
if (is_method("REGISTER"))
{
# authenticate the REGISTER requests (uncomment
to enable auth)
if (!www_authorize("$td", "subscriber"))
{
www_challenge("$td", "0");
exit;
}
if ($au!=$tU)
{
sl_send_reply("403","Forbidden auth
ID");
exit;
}
} else {
#!ifdef WITH_FREESWITCH
if(route(FSINBOUND))
return;
#!endif
#!ifdef WITH_IPAUTH
if(allow_source_address())
{
# source IP allowed
return;
}
#!endif
# authenticate if from local subscriber
if (from_uri==myself)
{
if (!proxy_authorize("$fd",
"subscriber")) {
proxy_challenge("$fd", "0");
exit;
}
if (is_method("PUBLISH"))
{
if ($au!=$tU) {
sl_send_reply("403","Forbidden auth ID");
exit;
}
} else {
if ($au!=$fU) {
sl_send_reply("403","Forbidden auth ID");
exit;
}
}
consume_credentials();
# caller authenticated
} else {
# caller is not local subscriber, then
check if it calls
# a local destination, otherwise deny,
not an open relay here
if (!uri==myself)
{
sl_send_reply("403","Not
relaying");
exit;
}
}
}
#!endif
return;
}
# Caller NAT detection route
route[NAT] {
#!ifdef WITH_NAT
force_rport();
if (nat_uac_test("19")) {
if (method=="REGISTER") {
fix_nated_register();
} else {
fix_nated_contact();
}
setflag(FLT_NATS);
}
#!endif
return;
}
# RTPProxy control
route[RTPPROXY] {
#!ifdef WITH_NAT
if (is_method("BYE")) {
unforce_rtp_proxy();
} else if (is_method("INVITE")){
force_rtp_proxy();
}
if (!has_totag()) add_rr_param(";nat=yes");
#!endif
return;
}
# Routing to foreign domains
route[SIPOUT] {
if (!uri==myself)
{
append_hf("P-hint: outbound\r\n");
route(RELAY);
}
}
#!ifdef WITH_FREESWITCH
# FreeSWITCH routing blocks
route[FSINBOUND] {
if($si== $sel(cfg_get.freeswitch.bindip)
&&
$sp==$sel(cfg_get.freeswitch.bindport))
return 1;
return -1;
}
route[FSDISPATCH] {
if(!is_method("INVITE"))
return;
if(route(FSINBOUND))
return;
# dial number selection
switch($rU) {
case /"^41$":
# 41 - voicebox menu
# allow only authenticated users
if($au==$null)
{
sl_send_reply("403", "Not
allowed");
exit;
}
$rU = "vm-" + $au;
break;
case /"^441[0-9][0-9]$":
# starting with 44 folowed by 1XY -
direct call to voice box
strip(2);
route(FSVBOX);
break;
case /"^433[01][0-9][0-9]$":
# starting with 433 folowed by (0|1)XY -
conference
strip(2);
break;
case /"^45[0-9]+$":
strip(2);
break;
default:
# offline - send to voicebox
if (!registered("location"))
{
route(FSVBOX);
exit;
}
# online - do bridging
prefix("kb-");
if(is_method("INVITE"))
{
# in case of failure - re-route
to FreeSWITCH VoiceMail
t_on_failure("FAIL_FSVBOX");
}
}
route(FSRELAY);
exit;
}
route[FSVBOX] {
if(!($rU=~"^1[0-9][0-9]+$"))
return;
prefix("vb-");
route(FSRELAY);
}
# Send to FreeSWITCH
route[FSRELAY] {
$du = "sip:" + $sel(cfg_get.freeswitch.bindip) + ":"
+ $sel(cfg_get.freeswitch.bindport);
if($var(newbranch)==1)
{
append_branch();
$var(newbranch) = 0;
}
route(RELAY);
exit;
}
#!endif
#!ifdef WITH_FREESWITCH
failure_route[FAIL_FSVBOX] {
#!ifdef WITH_NAT
if (is_method("INVITE")
&& (isbflagset(FLB_NATB) ||
isflagset(FLT_NATS))) {
unforce_rtp_proxy();
}
#!endif
if (t_is_canceled()) {
exit;
}
if (t_check_status("486|408")) {
# re-route to FreeSWITCH VoiceMail
$rU = $avp(callee);
$var(newbranch) = 1;
route(FSVBOX);
}
}
#!endif
# sample config file for dispatcher module
#!ifdef WITH_DISPATCHER
modparam("dispatcher", "db_url",
"mysql://openser:password@localhost/openser")
route{
if ( !mf_process_maxfwd_header("10") )
{
sl_send_reply("483","To Many Hops");
drop();
};
ds_select_dst("1", "0");
forward();
# t_relay();
}
#!endif
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users