Last active
June 10, 2016 08:21
-
-
Save onegreyonewhite/858895572a99fc4c38aabb4387bab039 to your computer and use it in GitHub Desktop.
KAMAILIO
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!KAMAILIO | |
# | |
# sample config file for dispatcher module | |
# - load balancing of VoIP calls with round robin | |
# - no TPC listening | |
# - don't dispatch REGISTER and presence requests | |
# | |
# Kamailio (OpenSER) SIP Server v3.2 | |
# - web: http://www.kamailio.org | |
# - git: http://sip-router.org | |
# | |
# Direct your questions about this file to: sr-users@lists.sip-router.org | |
# | |
# Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php | |
# for an explanation of possible statements, functions and parameters. | |
# | |
# Several features can be enabled using '#!define WITH_FEATURE' directives: | |
# | |
# *** To run in debug mode: | |
# - define WITH_DEBUG | |
# | |
####### Global Parameters ######### | |
#!define DBURL "mysql://kamailio:kamailiorw@10.11.12.14/kamailio" | |
#!define WITH_ANTIFLOOD | |
#!define WITH_NAT | |
#!ifdef WITH_MULTIDOMAIN | |
# - the value for 'use_domain' parameters | |
#!define MULTIDOMAIN 1 | |
#!else | |
#!define MULTIDOMAIN 0 | |
#!endif | |
# - flags | |
# FLT_ - per transaction (message) flags | |
# FLB_ - per branch flags | |
#!define FLT_ACC 1 | |
#!define FLT_ACCMISSED 2 | |
#!define FLT_ACCFAILED 3 | |
#!define FLT_NATS 5 | |
#!define FLB_NATB 6 | |
#!define FLB_NATSIPPING 7 | |
#!ifdef WITH_DEBUG | |
debug=4 | |
log_stderror=yes | |
#!else | |
debug=2 | |
log_stderror=no | |
#!endif | |
memdbg=5 | |
memlog=5 | |
#mhomed=1 | |
log_facility=LOG_LOCAL0 | |
fork=yes | |
children=8 | |
/* comment the next line to enable TCP */ | |
disable_tcp=no | |
/* uncomment the next line to disable the auto discovery of local aliases | |
based on revers DNS on IPs (default on) */ | |
auto_aliases=yes | |
/* add local domain aliases */ | |
# alias="mysipserver.com" | |
port=5060 | |
/* uncomment and configure the following line if you want Kamailio to | |
bind on a specific interface/port/proto (default bind on all available) */ | |
# listen=udp:127.0.0.1:5060 | |
sip_warning=no | |
####### Modules Section ######## | |
#set module path | |
mpath="//lib64/kamailio/modules/" | |
loadmodule "db_mysql.so" | |
loadmodule "mi_fifo.so" | |
loadmodule "kex.so" | |
loadmodule "tm.so" | |
loadmodule "tmx.so" | |
loadmodule "sl.so" | |
loadmodule "rr.so" | |
loadmodule "pv.so" | |
loadmodule "maxfwd.so" | |
loadmodule "usrloc.so" | |
loadmodule "registrar.so" | |
loadmodule "textops.so" | |
loadmodule "siputils.so" | |
loadmodule "xlog.so" | |
loadmodule "sanity.so" | |
loadmodule "ctl.so" | |
loadmodule "mi_rpc.so" | |
loadmodule "acc.so" | |
loadmodule "dispatcher.so" | |
loadmodule "permissions.so" | |
#!ifdef WITH_ANTIFLOOD | |
loadmodule "htable.so" | |
loadmodule "pike.so" | |
#!endif | |
loadmodule "auth.so" | |
loadmodule "auth_db.so" | |
loadmodule "uac.so" | |
# ----------------- setting module-specific parameters --------------- | |
# ----- mi_fifo params ----- | |
modparam("mi_fifo", "fifo_name", "/var/run/kamailio/kamailio_fifo") | |
modparam("ctl", "binrpc", "unix:/var/run/kamailio/kamailio_ctl") | |
# ----- rr params ----- | |
# add value to ;lr param to cope with most of the UAs | |
modparam("rr", "enable_full_lr", 1) | |
# do not append from tag to the RR (no need for this script) | |
modparam("rr", "append_fromtag", 1) | |
# ----- acc params ----- | |
modparam("acc", "log_flag", 1) | |
modparam("acc", "failed_transaction_flag", 3) | |
modparam("acc", "log_extra", | |
"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si") | |
# ----- tm params ----- | |
modparam("tm", "fr_timer", 2000) | |
modparam("tm", "fr_inv_timer", 40000) | |
#!ifdef WITH_ANTIFLOOD | |
# ----- pike params ----- | |
modparam("pike", "sampling_time_unit", 2) | |
modparam("pike", "reqs_density_per_unit", 16) | |
modparam("pike", "remove_latency", 4) | |
# ----- htable params ----- | |
# ip ban htable with autoexpire after 5 minutes | |
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;") | |
#!endif | |
# ----- dispatcher params ----- | |
modparam("dispatcher", "db_url", DBURL) | |
modparam("dispatcher", "table_name", "dispatcher") | |
modparam("dispatcher", "flags", 2) | |
modparam("dispatcher", "force_dst", 1) | |
modparam("dispatcher", "ds_ping_interval", 15) | |
modparam("dispatcher", "ds_ping_reply_codes", "class=2;class=3;class=4") | |
modparam("dispatcher", "dst_avp", "$avp(AVP_DST)") | |
modparam("dispatcher", "grp_avp", "$avp(AVP_GRP)") | |
modparam("dispatcher", "cnt_avp", "$avp(AVP_CNT)") | |
modparam("permissions", "db_url", DBURL) | |
modparam("permissions", "db_mode", 1) | |
modparam("usrloc", "db_url", DBURL) | |
modparam("usrloc", "db_mode", 2) | |
modparam("usrloc", "matching_mode", 0) | |
modparam("usrloc", "use_domain", MULTIDOMAIN) | |
modparam("auth_db", "db_url", DBURL) | |
modparam("auth_db", "calculate_ha1", yes) | |
modparam("auth_db", "password_column", "password") | |
modparam("auth_db", "load_credentials", "") | |
modparam("auth_db", "use_domain", MULTIDOMAIN) | |
####### Routing Logic ######## | |
# main request routing logic | |
route { | |
# per request initial checks | |
route(REQINIT); | |
### only initial requests (no To tag) | |
# handle retransmissions | |
if(t_precheck_trans()) { | |
t_check_trans(); | |
exit; | |
} | |
t_check_trans(); | |
# authentication | |
route(AUTH); | |
if(is_method("INVITE")){ | |
xlog("src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si"); | |
xlog("Route-URI is: $route_uri\n"); | |
} | |
# check if some media | |
route(ASTERISK); | |
# handle registrations | |
route(REGISTRAR); | |
# dispatch destinations | |
route(DISPATCH); | |
route(RELAY); | |
} | |
# Wrapper for relaying requests | |
route[RELAY] { | |
if (!uri==myself) | |
append_hf("P-hint: outbound\r\n"); | |
if (!t_relay()) { | |
sl_reply_error(); | |
} | |
exit; | |
} | |
# Per SIP request initial checks | |
route[REQINIT] { | |
#!ifdef WITH_ANTIFLOOD | |
# flood dection from same IP and traffic ban for a while | |
# be sure you exclude checking trusted peers, such as pstn gateways | |
# - local host excluded (e.g., loop to self) | |
if(src_ip!=myself) | |
{ | |
if($sht(ipban=>$si)!=$null) | |
{ | |
# ip is already blocked | |
xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n"); | |
exit; | |
} | |
if (!pike_check_req()) | |
{ | |
xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n"); | |
$sht(ipban=>$si) = 1; | |
exit; | |
} | |
} | |
#!endif | |
if (!mf_process_maxfwd_header("10")) { | |
sl_send_reply("483","Too Many Hops"); | |
exit; | |
} | |
if(!sanity_check("1511", "7")) | |
{ | |
xlog("Malformed SIP message from $si:$sp\n"); | |
exit; | |
} | |
} | |
# Handle SIP registrations | |
route[REGISTRAR] { | |
if (!is_method("REGISTER")) return; | |
if (!save("location")) { | |
sl_reply_error(); | |
} | |
exit; | |
} | |
# IP authorization and user authentication | |
route[AUTH] { | |
if((!is_method("REGISTER")) && allow_source_address()) { | |
# source IP allowed | |
return; | |
} | |
if (is_method("REGISTER") || from_uri==myself) { | |
# authenticate requests | |
if (!auth_check("$fd", "subscriber", "1")) { | |
auth_challenge("$fd", "0"); | |
route(REGISTRAR); | |
} | |
# user authenticated - remove auth header | |
if(!is_method("REGISTER|PUBLISH")) | |
consume_credentials(); | |
} | |
# if caller is not local subscriber, then check if it calls | |
# a local destination, otherwise deny, not an open relay here | |
if (from_uri!=myself && uri!=myself) { | |
sl_send_reply("403","Not relaying"); | |
exit; | |
} | |
} | |
#ASterisk checks | |
route[ASTERISK]{ | |
if(ds_is_from_list()){ | |
xlog("Asterisk asked...$rm"); | |
if (is_method("REGISTER")) | |
sl_send_reply("200","ok"); | |
else if (is_method("INVITE|BYE|CANCEL")){ | |
forward(); | |
exit; | |
} | |
route(RELAY); | |
exit; | |
} | |
} | |
# Dispatch requests | |
route[DISPATCH] { | |
sl_send_reply("100","Trying"); | |
# round robin dispatching on gateways group '1' | |
if(!ds_select_dst("1", "5")) | |
{ | |
send_reply("404", "No destination"); | |
exit; | |
} | |
xlog("L_DBG", "--- SCRIPT: going to <$ru> via <$du>\n"); | |
t_on_failure("RTF_DISPATCH"); | |
route(RELAY); | |
exit; | |
} | |
# Failure re-route | |
failure_route[RTF_DISPATCH] { | |
xlog("L_INFO", "[R-DISPATCHER-ROLLOVER:$ci] " | |
"Relay to dispatcher-selected gateway failed\n"); | |
if(t_is_expired()) { | |
xlog("L_INFO", "[R-DISPATCHER-ROLLOVER:$ci] !> " | |
"Transaction expired - aborting\n"); | |
exit; | |
} | |
if(t_is_canceled()) { | |
xlog("L_INFO", "[R-DISPATCHER-ROLLOVER:$ci] !> " | |
"Transaction cancelled - aborting\n"); | |
exit; | |
} | |
# next DST - only for 500 or local timeout | |
if (t_check_status("500") | |
or (t_branch_timeout() and !t_branch_replied())) | |
{ | |
if(ds_next_dst()) | |
{ | |
t_on_failure("RTF_DISPATCH"); | |
t_relay(); | |
exit; | |
} | |
else { | |
xlog("L_ERR", "[R-DISPATCHER-ROLLOVER:$ci] !> " | |
"No more gateways in route set\n"); | |
t_reply("503", "Out of gateways"); | |
exit; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment