hello all. this is my kamailio conf: http://pastebin.com/jGCak01E when I try to register any sip device. it looks like. device -> ext IP kamailio -> int IP kamailio -> asterisk. so I trying to nat something to lan. but on asterisk I see that register, it answer 401, than register again and it again answer 401. but on my sip device I see register and than kamailio answer 200 !! why ???

  1. #!KAMAILIO
  2. #
  3. # Kamailio (OpenSER) SIP Server v4.1 - default configuration script
  4. # š š - web: http://www.kamailio.org
  5. # š š - git: http://sip-router.org
  6. #
  7. # Direct your questions about this file to: <sr-users@lists.sip-router.org>
  8. #
  9. # Refer to the Core CookBook at http://www.kamailio.org/wiki/
  10. # for an explanation of possible statements, functions and parameters.
  11. #
  12. # Several features can be enabled using '#!define WITH_FEATURE' directives:
  13. #
  14. # *** To run in debug mode:
  15. # š š - define WITH_DEBUG
  16. #
  17. # *** To enable mysql:
  18. # š š - define WITH_MYSQL
  19. #
  20. # *** To enable authentication execute:
  21. # š š - enable mysql
  22. # š š - define WITH_AUTH
  23. # š š - add users using 'kamctl'
  24. #
  25. # *** To enable IP authentication execute:
  26. # š š - enable mysql
  27. # š š - enable authentication
  28. # š š - define WITH_IPAUTH
  29. # š š - add IP addresses with group id '1' to 'address' table
  30. #
  31. # *** To enable persistent user location execute:
  32. # š š - enable mysql
  33. # š š - define WITH_USRLOCDB
  34. #
  35. # *** To enable presence server execute:
  36. # š š - enable mysql
  37. # š š - define WITH_PRESENCE
  38. #
  39. # *** To enable nat traversal execute:
  40. # š š - define WITH_NAT
  41. # š š - install RTPProxy: http://www.rtpproxy.org
  42. # š š - start RTPProxy:
  43. # š š š šrtpproxy -l _your_public_ip_ -s udp:localhost:7722
  44. #
  45. # *** To enable PSTN gateway routing execute:
  46. # š š - define WITH_PSTN
  47. # š š - set the value of pstn.gw_ip
  48. # š š - check route[PSTN] for regexp routing condition
  49. #
  50. # *** To enable database aliases lookup execute:
  51. # š š - enable mysql
  52. # š š - define WITH_ALIASDB
  53. #
  54. # *** To enable speed dial lookup execute:
  55. # š š - enable mysql
  56. # š š - define WITH_SPEEDDIAL
  57. #
  58. # *** To enable multi-domain support execute:
  59. # š š - enable mysql
  60. # š š - define WITH_MULTIDOMAIN
  61. #
  62. # *** To enable TLS support execute:
  63. # š š - adjust CFGDIR/tls.cfg as needed
  64. # š š - define WITH_TLS
  65. #
  66. # *** To enable XMLRPC support execute:
  67. # š š - define WITH_XMLRPC
  68. # š š - adjust route[XMLRPC] for access policy
  69. #
  70. # *** To enable anti-flood detection execute:
  71. # š š - adjust pike and htable=>ipban settings as needed (default is
  72. # š š š block if more than 16 requests in 2 seconds and ban for 300 seconds)
  73. # š š - define WITH_ANTIFLOOD
  74. #
  75. # *** To block 3XX redirect replies execute:
  76. # š š - define WITH_BLOCK3XX
  77. #
  78. # *** To enable VoiceMail routing execute:
  79. # š š - define WITH_VOICEMAIL
  80. # š š - set the value of voicemail.srv_ip
  81. # š š - adjust the value of voicemail.srv_port
  82. #
  83. # *** To enhance accounting execute:
  84. # š š - enable mysql
  85. # š š - define WITH_ACCDB
  86. # š š - add following columns to database
  87. #!ifdef ACCDB_COMMENT
  88. š ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
  89. š ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
  90. š ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default '';
  91. š ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
  92. š ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
  93. š ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
  94. š ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
  95. š ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
  96. š ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default '';
  97. š ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
  98. š ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
  99. š ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
  100. #!endif
  101. š
  102. # š š š #!define WITH_MYSQL
  103. # š š š #!define WITH_AUTH
  104. # š š š #!define WITH_USRLOCDB
  105. š š š š #!define WITH_NAT
  106. š š š š #!define WITH_ASTERISK
  107. # š š š #!define WITH_DEBUG
  108. š
  109. ####### Include Local Config If Exists #########
  110. import_file "kamailio-local.cfg"
  111. š
  112. ####### Defined Values #########
  113. š
  114. # *** Value defines - IDs used later in config
  115. #!ifdef WITH_MYSQL
  116. # - database URL - used to connect to database server by modules such
  117. # š š š as: auth_db, acc, usrloc, a.s.o.
  118. #!ifndef DBURL
  119. #!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
  120. #!endif
  121. #!endif
  122. #!ifdef WITH_MULTIDOMAIN
  123. # - the value for 'use_domain' parameters
  124. #!define MULTIDOMAIN 1
  125. #!else
  126. #!define MULTIDOMAIN 0
  127. #!endif
  128. š
  129. # - flags
  130. # š FLT_ - per transaction (message) flags
  131. # š š š FLB_ - per branch flags
  132. #!define FLT_ACC 1
  133. #!define FLT_ACCMISSED 2
  134. #!define FLT_ACCFAILED 3
  135. #!define FLT_NATS 5
  136. š
  137. #!define FLB_NATB 6
  138. #!define FLB_NATSIPPING 7
  139. š
  140. ####### Global Parameters #########
  141. š
  142. ### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR
  143. #!ifdef WITH_DEBUG
  144. debug=4
  145. log_stderror=yes
  146. #!else
  147. debug=3
  148. log_stderror=no
  149. #!endif
  150. š
  151. memdbg=5
  152. memlog=5
  153. š
  154. log_facility=LOG_LOCAL0
  155. š
  156. fork=yes
  157. children=4
  158. š
  159. /* uncomment the next line to disable TCP (default on) */
  160. #disable_tcp=yes
  161. š
  162. /* uncomment the next line to disable the auto discovery of local aliases
  163. š šbased on reverse DNS on IPs (default on) */
  164. #auto_aliases=no
  165. š
  166. /* add local domain aliases */
  167. #alias="sip.mydomain.com"
  168. š
  169. /* uncomment and configure the following line if you want Kamailio to
  170. š šbind on a specific interface/port/proto (default bind on all available) */
  171. š
  172. #listen=udp:50.0.0.1:5060 advertise 194.190.8.171:5060
  173. listen=udp:194.190.8.171:5060 advertise 50.0.0.1:5060
  174. š
  175. /* port to listen to
  176. š* - can be specified more than once if needed to listen on many ports */
  177. port=5060
  178. š
  179. mhomed=1
  180. š
  181. #!ifdef WITH_TLS
  182. enable_tls=yes
  183. #!endif
  184. š
  185. # life time of TCP connection when there is no traffic
  186. # - a bit higher than registration expires to cope with UA behind NAT
  187. tcp_connection_lifetime=3605
  188. š
  189. ####### Custom Parameters #########
  190. š
  191. # These parameters can be modified runtime via RPC interface
  192. # - see the documentation of 'cfg_rpc' module.
  193. #
  194. # Format: group.id = value 'desc' description
  195. # Access: $sel(cfg_get.group.id) or @cfg_get.group.id
  196. #
  197. š
  198. #!ifdef WITH_PSTN
  199. # PSTN GW Routing
  200. #
  201. # - pstn.gw_ip: valid IP or hostname as string value, example:
  202. # pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
  203. #
  204. # - by default is empty to avoid misrouting
  205. #pstn.gw_ip = "" desc "PSTN GW Address"
  206. #pstn.gw_port = "" desc "PSTN GW Port"
  207. #!endif
  208. š
  209. #!ifdef WITH_VOICEMAIL
  210. # VoiceMail Routing on offline, busy or no answer
  211. #
  212. # - by default Voicemail server IP is empty to avoid misrouting
  213. #voicemail.srv_ip = "" desc "VoiceMail IP Address"
  214. #voicemail.srv_port = "5060" desc "VoiceMail Port"
  215. #!endif
  216. š
  217. #!ifdef WITH_ASTERISK
  218. asterisk.bindip = "50.0.0.10" desc "Asterisk IP Address"
  219. asterisk.bindport = "5060" desc "Asterisk Port"
  220. kamailio.bindip = "50.0.0.1" desc "Kamailio IP Address"
  221. kamailio.bindport = "5060" desc "Kamailio Port"
  222. #!endif
  223. š
  224. ####### Modules Section ########
  225. š
  226. # set paths to location of modules (to sources or installation folders)
  227. #!ifdef WITH_SRCPATH
  228. mpath="modules/"
  229. #!else
  230. mpath="/usr/lib64/kamailio/modules/"
  231. #!endif
  232. š
  233. #!ifdef WITH_MYSQL
  234. loadmodule "db_mysql.so"
  235. #!endif
  236. š
  237. loadmodule "mi_fifo.so"
  238. loadmodule "kex.so"
  239. loadmodule "tm.so"
  240. loadmodule "tmx.so"
  241. loadmodule "sl.so"
  242. loadmodule "rr.so"
  243. loadmodule "pv.so"
  244. loadmodule "maxfwd.so"
  245. loadmodule "usrloc.so"
  246. loadmodule "registrar.so"
  247. loadmodule "textops.so"
  248. loadmodule "siputils.so"
  249. loadmodule "xlog.so"
  250. loadmodule "sanity.so"
  251. loadmodule "ctl.so"
  252. loadmodule "cfg_rpc.so"
  253. loadmodule "mi_rpc.so"
  254. loadmodule "acc.so"
  255. š
  256. #!ifdef WITH_AUTH
  257. loadmodule "auth.so"
  258. loadmodule "auth_db.so"
  259. #!ifdef WITH_IPAUTH
  260. loadmodule "permissions.so"
  261. #!endif
  262. #!endif
  263. š
  264. #!ifdef WITH_ALIASDB
  265. loadmodule "alias_db.so"
  266. #!endif
  267. š
  268. #!ifdef WITH_SPEEDDIAL
  269. loadmodule "speeddial.so"
  270. #!endif
  271. š
  272. #!ifdef WITH_MULTIDOMAIN
  273. loadmodule "domain.so"
  274. #!endif
  275. š
  276. #!ifdef WITH_PRESENCE
  277. loadmodule "presence.so"
  278. loadmodule "presence_xml.so"
  279. #!endif
  280. š
  281. #!ifdef WITH_NAT
  282. loadmodule "nathelper.so"
  283. loadmodule "rtpproxy.so"
  284. #!endif
  285. š
  286. #!ifdef WITH_TLS
  287. loadmodule "tls.so"
  288. #!endif
  289. š
  290. #!ifdef WITH_ANTIFLOOD
  291. loadmodule "htable.so"
  292. loadmodule "pike.so"
  293. #!endif
  294. š
  295. #!ifdef WITH_XMLRPC
  296. loadmodule "xmlrpc.so"
  297. #!endif
  298. š
  299. #!ifdef WITH_DEBUG
  300. loadmodule "debugger.so"
  301. #!endif
  302. š
  303. #!ifdef WITH_ASTERISK
  304. loadmodule "uac.so"
  305. #!endif
  306. š
  307. š
  308. #loadmodule "topoh.so"
  309. #modparam("topoh", "mask_key", "balalayka")
  310. #modparam("topoh", "mask_ip", "50.0.0.1")
  311. š
  312. # ----------------- setting module-specific parameters ---------------
  313. š
  314. š
  315. # ----- mi_fifo params -----
  316. modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
  317. š
  318. š
  319. # ----- tm params -----
  320. # auto-discard branches from previous serial forking leg
  321. modparam("tm", "failure_reply_mode", 3)
  322. # default retransmission timeout: 30sec
  323. modparam("tm", "fr_timer", 30000)
  324. # default invite retransmission timeout after 1xx: 120sec
  325. modparam("tm", "fr_inv_timer", 120000)
  326. š
  327. š
  328. # ----- rr params -----
  329. # add value to ;lr param to cope with most of the UAs
  330. modparam("rr", "enable_full_lr", 1)
  331. # do not append from tag to the RR (no need for this script)
  332. #!ifdef WITH_ASTERISK
  333. modparam("rr", "append_fromtag", 1)
  334. #!else
  335. modparam("rr", "append_fromtag", 0)
  336. #!endif
  337. š
  338. š
  339. # ----- registrar params -----
  340. modparam("registrar", "method_filtering", 1)
  341. /* uncomment the next line to disable parallel forking via location */
  342. # modparam("registrar", "append_branches", 0)
  343. /* uncomment the next line not to allow more than 10 contacts per AOR */
  344. #modparam("registrar", "max_contacts", 10)
  345. # max value for expires of registrations
  346. modparam("registrar", "max_expires", 3600)
  347. # set it to 1 to enable GRUU
  348. modparam("registrar", "gruu_enabled", 0)
  349. š
  350. š
  351. # ----- acc params -----
  352. /* what special events should be accounted ? */
  353. modparam("acc", "early_media", 0)
  354. modparam("acc", "report_ack", 0)
  355. modparam("acc", "report_cancels", 0)
  356. /* by default ww do not adjust the direct of the sequential requests.
  357. š šif you enable this parameter, be sure the enable "append_fromtag"
  358. š šin "rr" module */
  359. modparam("acc", "detect_direction", 0)
  360. /* account triggers (flags) */
  361. modparam("acc", "log_flag", FLT_ACC)
  362. modparam("acc", "log_missed_flag", FLT_ACCMISSED)
  363. modparam("acc", "log_extra",
  364. š š š š "src_user=$fU;src_domain=$fd;src_ip=$si;"
  365. š š š š "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
  366. modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
  367. /* enhanced DB accounting */
  368. #!ifdef WITH_ACCDB
  369. modparam("acc", "db_flag", FLT_ACC)
  370. modparam("acc", "db_missed_flag", FLT_ACCMISSED)
  371. modparam("acc", "db_url", DBURL)
  372. modparam("acc", "db_extra",
  373. š š š š "src_user=$fU;src_domain=$fd;src_ip=$si;"
  374. š š š š "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
  375. #!endif
  376. š
  377. š
  378. # ----- usrloc params -----
  379. /* enable DB persistency for location entries */
  380. #!ifdef WITH_USRLOCDB
  381. modparam("usrloc", "db_url", DBURL)
  382. modparam("usrloc", "db_mode", 2)
  383. modparam("usrloc", "use_domain", MULTIDOMAIN)
  384. #!endif
  385. š
  386. š
  387. # ----- auth_db params -----
  388. #!ifdef WITH_AUTH
  389. modparam("auth_db", "db_url", DBURL)
  390. modparam("auth_db", "calculate_ha1", yes)
  391. modparam("auth_db", "password_column", "password")
  392. modparam("auth_db", "load_credentials", "")
  393. modparam("auth_db", "use_domain", MULTIDOMAIN)
  394. š
  395. # ----- permissions params -----
  396. #!ifdef WITH_IPAUTH
  397. modparam("permissions", "db_url", DBURL)
  398. modparam("permissions", "db_mode", 1)
  399. #!endif
  400. š
  401. #!endif
  402. š
  403. š
  404. # ----- alias_db params -----
  405. #!ifdef WITH_ALIASDB
  406. modparam("alias_db", "db_url", DBURL)
  407. modparam("alias_db", "use_domain", MULTIDOMAIN)
  408. #!endif
  409. š
  410. š
  411. # ----- speeddial params -----
  412. #!ifdef WITH_SPEEDDIAL
  413. modparam("speeddial", "db_url", DBURL)
  414. modparam("speeddial", "use_domain", MULTIDOMAIN)
  415. #!endif
  416. š
  417. š
  418. # ----- domain params -----
  419. #!ifdef WITH_MULTIDOMAIN
  420. modparam("domain", "db_url", DBURL)
  421. # register callback to match myself condition with domains list
  422. modparam("domain", "register_myself", 1)
  423. #!endif
  424. š
  425. š
  426. #!ifdef WITH_PRESENCE
  427. # ----- presence params -----
  428. modparam("presence", "db_url", DBURL)
  429. š
  430. # ----- presence_xml params -----
  431. modparam("presence_xml", "db_url", DBURL)
  432. modparam("presence_xml", "force_active", 1)
  433. #!endif
  434. š
  435. š
  436. #!ifdef WITH_NAT
  437. # ----- rtpproxy params -----
  438. modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
  439. š
  440. # ----- nathelper params -----
  441. modparam("nathelper", "natping_interval", 30)
  442. modparam("nathelper", "ping_nated_only", 1)
  443. modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
  444. modparam("nathelper", "sipping_from", "sip:pinger@kamaz")
  445. š
  446. # params needed for NAT traversal in other modules
  447. modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
  448. modparam("usrloc", "nat_bflag", FLB_NATB)
  449. #!endif
  450. š
  451. š
  452. #!ifdef WITH_TLS
  453. # ----- tls params -----
  454. modparam("tls", "config", "//etc/kamailio/tls.cfg")
  455. #!endif
  456. š
  457. #!ifdef WITH_ANTIFLOOD
  458. # ----- pike params -----
  459. modparam("pike", "sampling_time_unit", 2)
  460. modparam("pike", "reqs_density_per_unit", 16)
  461. modparam("pike", "remove_latency", 4)
  462. š
  463. # ----- htable params -----
  464. # ip ban htable with autoexpire after 5 minutes
  465. modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
  466. #!endif
  467. š
  468. #!ifdef WITH_XMLRPC
  469. # ----- xmlrpc params -----
  470. modparam("xmlrpc", "route", "XMLRPC");
  471. modparam("xmlrpc", "url_match", "^/RPC")
  472. #!endif
  473. š
  474. #!ifdef WITH_DEBUG
  475. # ----- debugger params -----
  476. modparam("debugger", "cfgtrace", 1)
  477. #!endif
  478. š
  479. ####### Routing Logic ########
  480. š
  481. š
  482. # Main SIP request routing logic
  483. # - processing of any incoming SIP request starts with this route
  484. # - note: this is the same as route { ... }
  485. request_route {
  486. š
  487. š š š š # per request initial checks
  488. š š š š route(REQINIT);
  489. š
  490. š š š š xlog("L_NOTICE","$rm from $fu (IP:$si:$sp) Main Route before š---NAT---\n");
  491. š š š š route(DEBUG);
  492. š š š š # NAT detection
  493. š š š š route(NATDETECT);
  494. š
  495. š š š š xlog("L_NOTICE","$rm from $fu (IP:$si:$sp) in Route[NATDETECT] fix_nat-register\n");
  496. š š š š route(DEBUG);
  497. š
  498. š š š š # CANCEL processing
  499. š š š š if (is_method("CANCEL"))
  500. š š š š {
  501. š š š š š š š š if (t_check_trans()) {
  502. š š š š š š š š š š š š route(RELAY);
  503. š š š š š š š š }
  504. š š š š š š š š exit;
  505. š š š š }
  506. š
  507. š š š š route(DEBUG);
  508. š
  509. š š š š # handle requests within SIP dialogs
  510. š š š š route(WITHINDLG);
  511. š
  512. š š š š route(DEBUG);
  513. š
  514. š š š š ### only initial requests (no To tag)
  515. š
  516. š š š š t_check_trans();
  517. š
  518. š š š š route(DEBUG);
  519. š
  520. š š š š # authentication
  521. š š š š route(AUTH);
  522. š
  523. š š š š route(DEBUG);
  524. š
  525. š š š š # record routing for dialog forming requests (in case they are routed)
  526. š š š š # - remove preloaded route headers
  527. š š š š remove_hf("Route");
  528. š š š š if (is_method("INVITE|SUBSCRIBE"))
  529. š š š š š š š š record_route();
  530. š
  531. š š š š # account only INVITEs
  532. š š š š if (is_method("INVITE"))
  533. š š š š {
  534. š š š š š š š š setflag(FLT_ACC); # do accounting
  535. š š š š }
  536. š
  537. š š š š # dispatch requests to foreign domains
  538. š š š š route(SIPOUT);
  539. š
  540. š š š š ### requests for my local domains
  541. š
  542. š š š š # handle presence related requests
  543. š š š š route(PRESENCE);
  544. š
  545. š š š š route(DEBUG);
  546. š
  547. š š š š # handle registrations
  548. š š š š route(REGISTRAR);
  549. š
  550. š š š š route(DEBUG);
  551. š
  552. š š š š if ($rU==$null)
  553. š š š š {
  554. š š š š š š š š # request with no Username in RURI
  555. š š š š š š š š sl_send_reply("484","Address Incomplete");
  556. š š š š š š š š exit;
  557. š š š š }
  558. š
  559. š š š š # dispatch destinations to PSTN
  560. # š š š route(PSTN);
  561. š
  562. š š š š route(DEBUG);
  563. š
  564. š š š š # user location service
  565. š š š š route(LOCATION);
  566. š
  567. š š š š route(DEBUG);
  568. š
  569. š š š š route(RELAY);
  570. š
  571. }
  572. š
  573. š
  574. route[RELAY] {
  575. š
  576. š š š š # enable additional event routes for forwarded requests
  577. š š š š # - serial forking, RTP relaying handling, a.s.o.
  578. š š š š if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
  579. š š š š š š š š if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
  580. š š š š }
  581. š š š š if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
  582. š š š š š š š š if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
  583. š š š š }
  584. š š š š if (is_method("INVITE")) {
  585. š š š š š š š š if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
  586. š š š š }
  587. š
  588. š š š š if (!t_relay()) {
  589. š š š š š š š š sl_reply_error();
  590. š š š š }
  591. š š š š exit;
  592. }
  593. š
  594. # Per SIP request initial checks
  595. route[REQINIT] {
  596. #!ifdef WITH_ANTIFLOOD
  597. š š š š # flood dection from same IP and traffic ban for a while
  598. š š š š # be sure you exclude checking trusted peers, such as pstn gateways
  599. š š š š # - local host excluded (e.g., loop to self)
  600. š š š š if(src_ip!=myself)
  601. š š š š {
  602. š š š š š š š š if($sht(ipban=>$si)!=$null)
  603. š š š š š š š š {
  604. š š š š š š š š š š š š # ip is already blocked
  605. š š š š š š š š š š š š xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
  606. š š š š š š š š š š š š exit;
  607. š š š š š š š š }
  608. š š š š š š š š if (!pike_check_req())
  609. š š š š š š š š {
  610. š š š š š š š š š š š š xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
  611. š š š š š š š š š š š š $sht(ipban=>$si) = 1;
  612. š š š š š š š š š š š š exit;
  613. š š š š š š š š }
  614. š š š š }
  615. #!endif
  616. š
  617. š š š š if (!mf_process_maxfwd_header("10")) {
  618. š š š š š š š š sl_send_reply("483","Too Many Hops");
  619. š š š š š š š š exit;
  620. š š š š }
  621. š
  622. š š š š if(!sanity_check("1511", "7"))
  623. š š š š {
  624. š š š š š š š š xlog("Malformed SIP message from $si:$sp\n");
  625. š š š š š š š š exit;
  626. š š š š }
  627. }
  628. š
  629. # Handle requests within SIP dialogs
  630. route[WITHINDLG] {
  631. š š š š if (has_totag()) {
  632. š š š š š š š š # sequential request withing a dialog should
  633. š š š š š š š š # take the path determined by record-routing
  634. š š š š š š š š if (loose_route()) {
  635. š š š š š š š š š š š š route(DLGURI);
  636. š š š š š š š š š š š š if (is_method("BYE")) {
  637. š š š š š š š š š š š š š š š š setflag(FLT_ACC); # do accounting ...
  638. š š š š š š š š š š š š š š š š setflag(FLT_ACCFAILED); # ... even if the transaction fails
  639. š š š š š š š š š š š š }
  640. š š š š š š š š š š š š else if ( is_method("ACK") ) {
  641. š š š š š š š š š š š š š š š š # ACK is forwarded statelessy
  642. š š š š š š š š š š š š š š š š route(NATMANAGE);
  643. š š š š š š š š š š š š }
  644. š š š š š š š š š š š š else if ( is_method("NOTIFY") ) {
  645. š š š š š š š š š š š š š š š š # Add Record-Route for in-dialog NOTIFY as per RFC 6665.
  646. š š š š š š š š š š š š š š š š record_route();
  647. š š š š š š š š š š š š }
  648. š š š š š š š š š š š š route(RELAY);
  649. š š š š š š š š } else {
  650. š š š š š š š š š š š š if (is_method("SUBSCRIBE") && uri == myself) {
  651. š š š š š š š š š š š š š š š š # in-dialog subscribe requests
  652. š š š š š š š š š š š š š š š š route(PRESENCE);
  653. š š š š š š š š š š š š š š š š exit;
  654. š š š š š š š š š š š š }
  655. š š š š š š š š š š š š if ( is_method("ACK") ) {
  656. š š š š š š š š š š š š š š š š if ( t_check_trans() ) {
  657. š š š š š š š š š š š š š š š š š š š š # no loose-route, but stateful ACK;
  658. š š š š š š š š š š š š š š š š š š š š # must be an ACK after a 487
  659. š š š š š š š š š š š š š š š š š š š š # or e.g. 404 from upstream server
  660. š š š š š š š š š š š š š š š š š š š š route(RELAY);
  661. š š š š š š š š š š š š š š š š š š š š exit;
  662. š š š š š š š š š š š š š š š š } else {
  663. š š š š š š š š š š š š š š š š š š š š # ACK without matching transaction ... ignore and discard
  664. š š š š š š š š š š š š š š š š š š š š exit;
  665. š š š š š š š š š š š š š š š š }
  666. š š š š š š š š š š š š }
  667. š š š š š š š š š š š š sl_send_reply("404","Not here");
  668. š š š š š š š š }
  669. š š š š š š š š exit;
  670. š š š š }
  671. }
  672. š
  673. # Handle SIP registrations
  674. route[REGISTRAR] {
  675. š š š š if (is_method("REGISTER"))
  676. š š š š {
  677. š š š š š š š š if(isflagset(FLT_NATS))
  678. š š š š š š š š {
  679. š š š š š š š š š š š š setbflag(FLB_NATB);
  680. š š š š š š š š š š š š # uncomment next line to do SIP NAT pinging
  681. š š š š š š š š š š š š setbflag(FLB_NATSIPPING);
  682. š š š š š š š š }
  683. š š š š š š š š if (!save("location"))
  684. š š š š š š š š š š š š sl_reply_error();
  685. š
  686. š
  687. š š š š #!ifdef WITH_ASTERISK
  688. š š š š š š š š route(REGFWD);
  689. š š š š #!endif
  690. š
  691. š š š š š š š š exit;
  692. š š š š }
  693. }
  694. š
  695. š
  696. #!ifdef WITH_ASTERISK š
  697. # Test if coming from Asterisk
  698. route[FROMASTERISK] {
  699. š š š š if($si==$sel(cfg_get.asterisk.bindip) && $sp==$sel(cfg_get.asterisk.bindport)) return 1;
  700. š š š š return -1;
  701. }
  702. š
  703. š
  704. # Send to Asterisk
  705. route[TOASTERISK] {
  706. š š š š $du = "sip:" + $sel(cfg_get.asterisk.bindip) + ":" + $sel(cfg_get.asterisk.bindport);
  707. š š š š xlog("L_INFO","[$fU@$si:$sp]{$rm} From Outside World to Asterisk Box $du\n");
  708. š š š š route(RELAY);
  709. š š š š exit;
  710. }
  711. š
  712. # Forward REGISTER to Asterisk
  713. route[REGFWD] {
  714. š š š š š š š š if(!is_method("REGISTER"))
  715. š š š š {
  716. š š š š š š š š return;
  717. š š š š }
  718. š
  719. š š š š xlog("[$mi] PRINT AU: $au PRINT fU: $fU Received SIP Message (method: $rm) ($ml bytes) to $Ri:$Rp from $si:$sp:\n$mb\n");
  720. š
  721. š š š š t_relay_to_udp("50.0.0.10", "5060");
  722. š
  723. š š š š xlog("[$mi] PRINT AU: $au PRINT fU: $fU Sended SIP Message (method: $rm) ($ml bytes) to $Ri:$Rp from $si:$sp:\n$mb\n");
  724. š
  725. }
  726. #!endif
  727. š
  728. # USER location service
  729. route[LOCATION] {
  730. š
  731. #!ifdef WITH_SPEEDDIAL
  732. š š š š # search for short dialing - 2-digit extension
  733. š š š š if($rU=~"^[0-9][0-9]$")
  734. š š š š š š š š if(sd_lookup("speed_dial"))
  735. š š š š š š š š š š š š route(SIPOUT);
  736. #!endif
  737. š
  738. #!ifdef WITH_ALIASDB
  739. š š š š # search in DB-based aliases
  740. š š š š if(alias_db_lookup("dbaliases"))
  741. š š š š š š š š route(SIPOUT);
  742. #!endif
  743. š
  744. #!ifdef WITH_ASTERISK
  745. š š š š if(is_method("INVITE") && (!route(FROMASTERISK))) {
  746. š š š š š š š š # if new call from out there - send to Asterisk
  747. š š š š š š š š # - non-INVITE request are routed directly by Kamailio
  748. š š š š š š š š # - traffic from Asterisk is routed also directy by Kamailio
  749. š š š š š š š š route(TOASTERISK);
  750. š š š š š š š š exit;
  751. š š š š }
  752. #!endif
  753. š
  754. š š š š $avp(oexten) = $rU;
  755. š š š š if (!lookup("location")) {
  756. š š š š š š š š $var(rc) = $rc;
  757. š š š š š š š š route(TOVOICEMAIL);
  758. š š š š š š š š t_newtran();
  759. š š š š š š š š switch ($var(rc)) {
  760. š š š š š š š š š š š š case -1:
  761. š š š š š š š š š š š š case -3:
  762. š š š š š š š š š š š š š š š š send_reply("404", "Not Found");
  763. š š š š š š š š š š š š š š š š exit;
  764. š š š š š š š š š š š š case -2:
  765. š š š š š š š š š š š š š š š š send_reply("405", "Method Not Allowed");
  766. š š š š š š š š š š š š š š š š exit;
  767. š š š š š š š š }
  768. š š š š }
  769. š
  770. š š š š # when routing via usrloc, log the missed calls also
  771. š š š š if (is_method("INVITE"))
  772. š š š š {
  773. š š š š š š š š setflag(FLT_ACCMISSED);
  774. š š š š }
  775. š
  776. š š š š route(RELAY);
  777. š š š š exit;
  778. }
  779. š
  780. # Presence server route
  781. route[PRESENCE] {
  782. š š š š if(!is_method("PUBLISH|SUBSCRIBE"))
  783. š š š š š š š š return;
  784. š
  785. š š š š if(is_method("SUBSCRIBE") && $hdr(Event)=="message-summary") {
  786. š š š š š š š š route(TOVOICEMAIL);
  787. š š š š š š š š # returns here if no voicemail server is configured
  788. š š š š š š š š sl_send_reply("404", "No voicemail service");
  789. š š š š š š š š exit;
  790. š š š š }
  791. š
  792. #!ifdef WITH_PRESENCE
  793. š š š š if (!t_newtran())
  794. š š š š {
  795. š š š š š š š š sl_reply_error();
  796. š š š š š š š š exit;
  797. š š š š }
  798. š
  799. š š š š if(is_method("PUBLISH"))
  800. š š š š {
  801. š š š š š š š š handle_publish();
  802. š š š š š š š š t_release();
  803. š š š š } else if(is_method("SUBSCRIBE")) {
  804. š š š š š š š š handle_subscribe();
  805. š š š š š š š š t_release();
  806. š š š š }
  807. š š š š exit;
  808. #!endif
  809. š š š š
  810. š š š š # if presence enabled, this part will not be executed
  811. š š š š if (is_method("PUBLISH") || $rU==$null)
  812. š š š š {
  813. š š š š š š š š sl_send_reply("404", "Not here");
  814. š š š š š š š š exit;
  815. š š š š }
  816. š š š š return;
  817. }
  818. š
  819. # Authentication route
  820. route[AUTH] {
  821. š
  822. #!ifdef WITH_ASTERISK
  823. š š š š # do not auth traffic from Asterisk - trusted!
  824. š š š š if(route(FROMASTERISK))
  825. š š š š š š š š return;
  826. #!endif
  827. š
  828. š
  829. #!ifdef WITH_AUTH
  830. š
  831. #!ifdef WITH_IPAUTH
  832. š š š š if((!is_method("REGISTER")) && allow_source_address())
  833. š š š š {
  834. š š š š š š š š # source IP allowed
  835. š š š š š š š š return;
  836. š š š š }
  837. #!endif
  838. š
  839. š š š š if (is_method("REGISTER") || from_uri==myself)
  840. š š š š {
  841. š š š š š š š š # authenticate requests
  842. š š š š š š š š if (!auth_check("$fd", "subscriber", "1")) {
  843. š š š š š š š š š š š š auth_challenge("$fd", "0");
  844. š š š š š š š š š š š š exit;
  845. š š š š š š š š }
  846. š š š š š š š š # user authenticated - remove auth header
  847. š š š š š š š š if(!is_method("REGISTER|PUBLISH"))
  848. š š š š š š š š š š š š consume_credentials();
  849. š š š š }
  850. š š š š # if caller is not local subscriber, then check if it calls
  851. š š š š # a local destination, otherwise deny, not an open relay here
  852. š š š š if (from_uri!=myself && uri!=myself)
  853. š š š š {
  854. š š š š š š š š sl_send_reply("403","Not relaying");
  855. š š š š š š š š exit;
  856. š š š š }
  857. š
  858. #!endif
  859. š š š š return;
  860. }
  861. š
  862. # Caller NAT detection route
  863. route[NATDETECT] {
  864. #!ifdef WITH_NAT
  865. š š š š force_rport();
  866. š š š š if (nat_uac_test("19")) {
  867. š š š š š š š š if (is_method("REGISTER")) {
  868. š š š š š š š š š š š š fix_nated_register();
  869. š š š š š š š š } else {
  870. š š š š š š š š š š š š if(is_first_hop())
  871. š š š š š š š š š š š š š š š š set_contact_alias();
  872. š š š š š š š š }
  873. š š š š š š š š setflag(FLT_NATS);
  874. š
  875. š š š š }
  876. #!endif
  877. š š š š return;
  878. }
  879. š
  880. # RTPProxy control
  881. route[NATMANAGE] {
  882. #!ifdef WITH_NAT
  883. š š š š if (is_request()) {
  884. š š š š š š š š if(has_totag()) {
  885. š š š š š š š š š š š š if(check_route_param("nat=yes")) {
  886. š š š š š š š š š š š š š š š š setbflag(FLB_NATB);
  887. š š š š š š š š š š š š }
  888. š š š š š š š š }
  889. š š š š }
  890. š š š š if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
  891. š š š š š š š š return;
  892. š
  893. š š š š rtpproxy_manage();
  894. š
  895. š š š š if (is_request()) {
  896. š š š š š š š š if (!has_totag()) {
  897. š š š š š š š š š š š š if(t_is_branch_route()) {
  898. š š š š š š š š š š š š š š š š add_rr_param(";nat=yes");
  899. š š š š š š š š š š š š }
  900. š š š š š š š š }
  901. š š š š }
  902. š š š š if (is_reply()) {
  903. š š š š š š š š if(isbflagset(FLB_NATB)) {
  904. š š š š š š š š š š š š if(is_first_hop())
  905. š š š š š š š š š š š š š š š š set_contact_alias();
  906. š š š š š š š š }
  907. š
  908. š š š š xlog("L_NOTICE","$rm from $fu (IP:$si:$sp) in route[NATMANAGE] RTPproxy with EI Flags\n");
  909. š
  910. š š š š }
  911. #!endif
  912. š š š š return;
  913. }
  914. š
  915. # URI update for dialog requests
  916. route[DLGURI] {
  917. #!ifdef WITH_NAT
  918. š š š š if(!isdsturiset()) {
  919. š š š š š š š š handle_ruri_alias();
  920. š
  921. š š š š xlog("L_NOTICE","$rm from $fu (IP:$si:$sp) in route[DLGURI] RTPproxy with EI Flags\n");
  922. š
  923. š š š š }
  924. #!endif
  925. š š š š return;
  926. }
  927. š
  928. # Routing to foreign domains
  929. route[SIPOUT] {
  930. š š š š if (!uri==myself)
  931. š š š š {
  932. š š š š š š š š append_hf("P-hint: outbound\r\n");
  933. š š š š š š š š route(RELAY);
  934. š š š š }
  935. }
  936. š
  937. # PSTN GW routing
  938. route[PSTN] {
  939. #!ifdef WITH_PSTN
  940. š š š š # check if PSTN GW IP is defined
  941. š š š š if (strempty($sel(cfg_get.pstn.gw_ip))) {
  942. š š š š š š š š xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not defined\n");
  943. š š š š š š š š return;
  944. š š š š }
  945. š
  946. š š š š # route to PSTN dialed numbers starting with '+' or '00'
  947. š š š š # š š (international format)
  948. š š š š # - update the condition to match your dialing rules for PSTN routing
  949. š š š š if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
  950. š š š š š š š š return;
  951. š
  952. š š š š # only local users allowed to call
  953. š š š š if(from_uri!=myself) {
  954. š š š š š š š š sl_send_reply("403", "Not Allowed");
  955. š š š š š š š š exit;
  956. š š š š }
  957. š
  958. š š š š if (strempty($sel(cfg_get.pstn.gw_port))) {
  959. š š š š š š š š $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
  960. š š š š } else {
  961. š š š š š š š š $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip) + ":"
  962. š š š š š š š š š š š š š š š š š š š š + $sel(cfg_get.pstn.gw_port);
  963. š š š š }
  964. š
  965. š š š š route(RELAY);
  966. š š š š exit;
  967. #!endif
  968. š
  969. š š š š return;
  970. }
  971. š
  972. # XMLRPC routing
  973. #!ifdef WITH_XMLRPC
  974. route[XMLRPC] {
  975. š š š š # allow XMLRPC from localhost
  976. š š š š if ((method=="POST" || method=="GET")
  977. š š š š š š š š š š š š && (src_ip==127.0.0.1)) {
  978. š š š š š š š š # close connection only for xmlrpclib user agents (there is a bug in
  979. š š š š š š š š # xmlrpclib: it waits for EOF before interpreting the response).
  980. š š š š š š š š if ($hdr(User-Agent) =~ "xmlrpclib")
  981. š š š š š š š š š š š š set_reply_close();
  982. š š š š š š š š set_reply_no_connect();
  983. š š š š š š š š dispatch_rpc();
  984. š š š š š š š š exit;
  985. š š š š }
  986. š š š š send_reply("403", "Forbidden");
  987. š š š š exit;
  988. }
  989. #!endif
  990. š
  991. # route to voicemail server
  992. route[TOVOICEMAIL] {
  993. #!ifdef WITH_VOICEMAIL
  994. š š š š if(!is_method("INVITE|SUBSCRIBE"))
  995. š š š š š š š š return;
  996. š
  997. š š š š # check if VoiceMail server IP is defined
  998. š š š š if (strempty($sel(cfg_get.voicemail.srv_ip))) {
  999. š š š š š š š š xlog("SCRIPT: VoiceMail rotuing enabled but IP not defined\n");
  1000. š š š š š š š š return;
  1001. š š š š }
  1002. š š š š if(is_method("INVITE")) {
  1003. š š š š š š š š if($avp(oexten)==$null)
  1004. š š š š š š š š š š š š return;
  1005. š š š š š š š š $ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip)
  1006. š š š š š š š š š š š š š š š š + ":" + $sel(cfg_get.voicemail.srv_port);
  1007. š š š š } else {
  1008. š š š š š š š š if($rU==$null)
  1009. š š š š š š š š š š š š return;
  1010. š š š š š š š š $ru = "sip:" + $rU + "@" + $sel(cfg_get.voicemail.srv_ip)
  1011. š š š š š š š š š š š š š š š š + ":" + $sel(cfg_get.voicemail.srv_port);
  1012. š š š š }
  1013. š š š š route(RELAY);
  1014. š š š š exit;
  1015. #!endif
  1016. š
  1017. š š š š return;
  1018. }
  1019. š
  1020. # manage outgoing branches
  1021. branch_route[MANAGE_BRANCH] {
  1022. š š š š xdbg("new branch [$T_branch_idx] to $ru\n");
  1023. š š š š route(NATMANAGE);
  1024. }
  1025. š
  1026. # manage incoming replies
  1027. onreply_route[MANAGE_REPLY] {
  1028. š š š š xdbg("incoming reply\n");
  1029. š š š š if(status=~"[12][0-9][0-9]")
  1030. š š š š š š š š route(NATMANAGE);
  1031. }
  1032. š
  1033. # manage failure routing cases
  1034. failure_route[MANAGE_FAILURE] {
  1035. š š š š route(NATMANAGE);
  1036. š
  1037. š š š š if (t_is_canceled()) {
  1038. š š š š š š š š exit;
  1039. š š š š }
  1040. š
  1041. #!ifdef WITH_BLOCK3XX
  1042. š š š š # block call redirect based on 3xx replies.
  1043. š š š š if (t_check_status("3[0-9][0-9]")) {
  1044. š š š š š š š š t_reply("404","Not found");
  1045. š š š š š š š š exit;
  1046. š š š š }
  1047. #!endif
  1048. š
  1049. #!ifdef WITH_VOICEMAIL
  1050. š š š š # serial forking
  1051. š š š š # - route to voicemail on busy or no answer (timeout)
  1052. š š š š if (t_check_status("486|408")) {
  1053. š š š š š š š š $du = $null;
  1054. š š š š š š š š route(TOVOICEMAIL);
  1055. š š š š š š š š exit;
  1056. š š š š }
  1057. #!endif
  1058. }
  1059. š
  1060. š
  1061. route[DEBUG] {
  1062. š š š š if (method==("PUBLISH|SUBSCRIBE|REGISTER|OPTIONS")) {
  1063. š š š š š š š š return;
  1064. š š š š }
  1065. š š š š xlog("[$mi] Received SIP Message (method: $rm) ($ml bytes) to $Ri:$Rp from $si:$sp:\n$mb\n");
  1066. }

--
๓ ีืมึลฮษลอ, แฬลหำมฮฤา ๗มำษฮ.

8 926 1437200
icq: 9906064