kamailio.cfg


#
# Kamailio (OpenSER) SIP Server v3.1 - default configuration script
#     - web: http://www.kamailio.org
#     - git: http://sip-router.org
#
# Direct your questions about this file to: <sr-users@lists.sip-router.org>
#
# Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
# for an explanation of possible statements, functions and parameters.
#
# Several features can be enabled using '#!define WITH_FEATURE' directives:
#
# *** To run in debug mode:
#     - define WITH_DEBUG
#
# *** To enable mysql:
#     - define WITH_MYSQL
#
# *** To enable authentication execute:
#     - enable mysql
#     - define WITH_AUTH
#     - add users using 'kamctl'
#
# *** To enable IP authentication execute:
#     - enable mysql
#     - enable authentication
#     - define WITH_IPAUTH
#     - add IP addresses with group id '1' to 'address' table
#
# *** To enable persistent user location execute:
#     - enable mysql
#     - define WITH_USRLOCDB
#
# *** To enable presence server execute:
#     - enable mysql
#     - define WITH_PRESENCE
#
# *** To enable nat traversal execute:
#     - define WITH_NAT
#     - install RTPProxy: http://www.rtpproxy.org
#     - start RTPProxy:
#        rtpproxy -l _your_public_ip_ -s udp:localhost:7722
#
# *** To enable PSTN gateway routing execute:
#     - define WITH_PSTN
#     - set the value of pstn.gw_ip
#     - check route[PSTN] for regexp routing condition
#
# *** To enable database aliases lookup execute:
#     - enable mysql
#     - define WITH_ALIASDB
#
# *** To enable multi-domain support execute:
#     - enable mysql
#     - define WITH_MULTIDOMAIN
#
# *** To enable TLS support execute:
#     - adjust CFGDIR/tls.cfg as needed
#     - define WITH_TLS
#
# *** To enable XMLRPC support execute:
#     - define WITH_XMLRPC
#     - adjust route[XMLRPC] for access policy
#
# *** To enable anti-flood detection execute:
#     - adjust pike and htable=>ipban settings as needed (default is
#       block if more than 16 requests in 2 seconds and ban for 300 seconds)
#     - define WITH_ANTIFLOOD
#
# *** To enhance accounting execute:
#     - enable mysql
#     - define WITH_ACCDB
#     - add following columns to database

# ======= XVB =======
#!substdef "!MY_IP_ADDR!172.16.165.129!g"
#!substdef "!MY_DOMAIN!172.16.165.129!g"
#!substdef "!MY_WS_PORT!8080!g"
#!substdef "!MY_WSS_PORT!4443!g"
#!substdef "!MY_WS_ADDR!tcp:MY_IP_ADDR:MY_WS_PORT!g"
#!substdef "!MY_WSS_ADDR!tls:MY_IP_ADDR:MY_WSS_PORT!g"

# ====== XVB ========
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_USRLOCDB
#!define WITH_ANTIFLOOD
# define WITH_DEBUG
#!define WITH_PRESENCE
#!define WITH_NAT
#!define WITH_WEBSOCKETS

#!ifdef ACCDB_COMMENT
  ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
  ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
  ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
#!endif

####### Defined Values #########

# *** Value defines - IDs used later in config
#!ifdef WITH_MYSQL
# - database URL - used to connect to database server by modules such
#       as: auth_db, acc, usrloc, a.s.o.
#!define DBURL "mysql://openser:serpas@localhost/openser"
# XVB: subscriber view
#!define DBURL_XVB "mysql://xvb:pass1xvb@localhost/xvb"
#!endif
#!ifdef WITH_MULTIDOMAIN
# - the value for 'use_domain' parameters
#!define MULTIDOMAIN 1
#!else
#!define MULTIDOMAIN 0
#!endif

# - flags
#   FLT_ - per transaction (message) flags
#	FLB_ - per branch flags
#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_NATS 5

#!define FLB_NATB 6
#!define FLB_NATSIPPING 7

####### Global Parameters #########

#!ifdef WITH_DEBUG
debug=4
log_stderror=yes
#!else
debug=2
log_stderror=no
#!endif

memdbg=5
memlog=5

log_facility=LOG_LOCAL0

fork=yes
children=4

/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes

/* uncomment the next line to disable the auto discovery of local aliases
   based on reverse DNS on IPs (default on) */
#auto_aliases=no

/* add local domain aliases */
#alias="sip.mydomain.com"
/* XVB NEED TO FIX */
alias="vpbx18-dev"

/* uncomment and configure the following line if you want Kamailio to
   bind on a specific interface/port/proto (default bind on all available) */
#listen=udp:10.0.0.10:5060

listen=MY_IP_ADDR
#!ifdef WITH_WEBSOCKETS
listen=MY_WS_ADDR
#!ifdef WITH_TLS
listen=MY_WSS_ADDR
#!endif
#!endif

/* port to listen to
 * - can be specified more than once if needed to listen on many ports */
port=5060

#!ifdef WITH_TLS
enable_tls=yes
#!endif

tcp_connection_lifetime=3604
tcp_accept_no_cl=yes
tcp_rd_buf_size=16384

####### Custom Parameters #########

# These parameters can be modified runtime via RPC interface
# - see the documentation of 'cfg_rpc' module.
#
# Format: group.id = value 'desc' description
# Access: $sel(cfg_get.group.id) or @cfg_get.group.id
#

#!ifdef WITH_PSTN
# PSTN GW Routing
#
# - pstn.gw_ip: valid IP or hostname as string value, example:
# pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
#
# - by default is empty to avoid misrouting
pstn.gw_ip = "1.1.1.1" desc "PSTN GW Address"
#!endif

# XVB
xvb.gw_ip = "172.16.165.129" desc "XVB  GW Address"


####### Modules Section ########

# set paths to location of modules
#!ifdef LOCAL_TEST_RUN
mpath="modules_k:modules"
#!else
mpath="/usr/lib/kamailio/modules_k/:/usr/lib/kamailio/modules/"
#!endif

#!ifdef WITH_MYSQL
loadmodule "db_mysql.so"
#!endif

loadmodule "mi_fifo.so"
loadmodule "kex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "mi_rpc.so"
loadmodule "acc.so"
loadmodule "dispatcher.so"

#!ifdef WITH_AUTH
loadmodule "auth.so"
loadmodule "auth_db.so"
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif

#!ifdef WITH_ALIASDB
loadmodule "alias_db.so"
#!endif

#!ifdef WITH_MULTIDOMAIN
loadmodule "domain.so"
#!endif

#!ifdef WITH_PRESENCE
loadmodule "presence.so"
loadmodule "presence_xml.so"
#!endif

#!ifdef WITH_NAT
#loadmodule "nathelper.so"
#loadmodule "rtpproxy.so"
#!endif

#!ifdef WITH_WEBSOCKETS
loadmodule "xhttp.so"
loadmodule "websocket.so"
loadmodule "nathelper.so"
#!endif

#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif

#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"
#!endif

#!ifdef WITH_XMLRPC
loadmodule "xmlrpc.so"
#!endif

# ----------------- setting module-specific parameters ---------------

# -- dispatcher
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
modparam("dispatcher", "force_dst", 1)
modparam("dispatcher", "flags", 2)
#modparam("dispatcher", "ds_probing_threshhold", 2)
modparam("dispatcher", "ds_ping_interval", 15)
modparam("dispatcher", "ds_ping_method", "OPTIONS")
modparam("dispatcher", "ds_probing_mode", 0)
modparam("dispatcher", "dst_avp", "$avp(i:271)")
modparam("dispatcher", "grp_avp", "$avp(i:272)")
modparam("dispatcher", "cnt_avp", "$avp(i:273)")

# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")


# ----- tm params -----
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 3sec
modparam("tm", "fr_timer", 3000)
# default invite retransmission timeout after 1xx: 120sec
#modparam("tm", "fr_inv_timer", 120000)


# ----- rr params -----
# add value to ;lr param to cope with most of the UAs
modparam("rr", "enable_full_lr", 1)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 0)


# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)


# ----- acc params -----
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_ack", 0)
modparam("acc", "report_cancels", 0)
/* by default ww do not adjust the direct of the sequential requests.
   if you enable this parameter, be sure the enable "append_fromtag"
   in "rr" module */
modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
modparam("acc", "log_flag", FLT_ACC)
modparam("acc", "log_missed_flag", FLT_ACCMISSED)
modparam("acc", "log_extra",
	"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
/* enhanced DB accounting */
#!ifdef WITH_ACCDB
modparam("acc", "db_flag", FLT_ACC)
modparam("acc", "db_missed_flag", FLT_ACCMISSED)
modparam("acc", "db_url", DBURL)
modparam("acc", "db_extra",
	"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
#!endif


# ----- usrloc params -----
/* enable DB persistency for location entries */
#!ifdef WITH_USRLOCDB
modparam("usrloc", "db_url", DBURL_XVB)
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "use_domain", MULTIDOMAIN)
#!endif


# ----- auth_db params -----
#!ifdef WITH_AUTH
modparam("auth_db", "db_url", DBURL_XVB)
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "")
modparam("auth_db", "use_domain", MULTIDOMAIN)

# ----- permissions params -----
#!ifdef WITH_IPAUTH
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 1)
#!endif

#!endif


# ----- alias_db params -----
#!ifdef WITH_ALIASDB
modparam("alias_db", "db_url", DBURL)
modparam("alias_db", "use_domain", MULTIDOMAIN)
#!endif


# ----- domain params -----
#!ifdef WITH_MULTIDOMAIN
modparam("domain", "db_url", DBURL)
# use caching
modparam("domain", "db_mode", 1)
# register callback to match myself condition with domains list
modparam("domain", "register_myself", 1)
#!endif


#!ifdef WITH_PRESENCE
# ----- presence params -----
modparam("presence", "db_url", DBURL_XVB)

# ----- presence_xml params -----
modparam("presence_xml", "db_url", DBURL)
modparam("presence_xml", "force_active", 1)
#!endif


#!ifdef WITH_NAT
# ----- rtpproxy params -----
#modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")

# ----- nathelper params -----
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org")

# params needed for NAT traversal in other modules
modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
modparam("usrloc", "nat_bflag", FLB_NATB)
#!endif


#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "//etc/kamailio/tls.cfg")
#!endif

#!ifdef WITH_ANTIFLOOD
# ----- pike params -----
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 4)

# ----- htable params -----
# ip ban htable with autoexpire after 5 minutes
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
#!endif

#!ifdef WITH_XMLRPC
# ----- xmlrpc params -----
modparam("xmlrpc", "route", "XMLRPC");
modparam("xmlrpc", "url_match", "^/RPC")
#!endif
#
modparam("ctl", "binrpc", "unix:/tmp/kamailio_ctl")
####### Routing Logic ########


# Main SIP request routing logic
# - processing of any incoming SIP request starts with this route
route {

	# per request initial checks
	route(REQINIT);

	# NAT detection
	route(NAT);

	# handle requests within SIP dialogs
	route(WITHINDLG);

	### only initial requests (no To tag)

	# CANCEL processing
	if (is_method("CANCEL"))
	{
		if (t_check_trans())
			t_relay();
		exit;
	}

	t_check_trans();

	# authentication
	route(AUTH);

	# record routing for dialog forming requests (in case they are routed)
	# - remove preloaded route headers
	remove_hf("Route");
	if (is_method("INVITE|SUBSCRIBE"))
		record_route();

	# account only INVITEs
	if (is_method("INVITE"))
	{
		setflag(FLT_ACC); # do accounting
	}

	# dispatch requests to foreign domains
	#route(SIPOUT);

	### requests for my local domains

	# handle presence related requests
	route(PRESENCE);

	# handle registrations
	route(REGISTRAR);

	if ($rU==$null)
	{
		# request with no Username in RURI
		sl_send_reply("484","Address Incomplete");
		exit;
	}

	# dispatch destinations to PSTN
	#route(PSTN);

	# dispatch destinations to VirtualPBX
	route(XVB);

	# user location service
	route(LOCATION);

	route(RELAY);
}


route[RELAY] {
#!ifdef WITH_NAT
	if (check_route_param("nat=yes")) {
		setbflag(FLB_NATB);
	}
	if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
		route(RTPPROXY);
	}
#!endif

	/* example how to enable some additional event routes */
	if (is_method("INVITE")) {
		#t_on_branch("BRANCH_ONE");
		t_on_reply("REPLY_ONE");
		t_on_failure("FAIL_ONE");
	}

	if (!t_relay()) {
		sl_reply_error();
	}
	exit;
}

route[RELAY_XVB] {
#!ifdef WITH_NAT
	if (check_route_param("nat=yes")) {
		setbflag(FLB_NATB);
	}
	if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
		route(RTPPROXY);
	}
#!endif

	/* example how to enable some additional event routes */
	if (is_method("INVITE")) {
		#t_on_branch("BRANCH_ONE");
		t_on_reply("REPLY_ONE");
		t_on_failure("FAIL_TWO");
	}

	if (!t_relay()) {
		sl_reply_error();
	}
	exit;
}

# Per SIP request initial checks
route[REQINIT] {
#!ifdef WITH_ANTIFLOOD
	# flood dection from same IP and traffic ban for a while
	# be sure you exclude checking trusted peers, such as pstn gateways
	# - local host excluded (e.g., loop to self)
	if(src_ip!=myself)
	{
		if($sht(ipban=>$si)!=$null)
		{
			# ip is already blocked
			xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
			exit;
		}
		if (!pike_check_req())
		{
			xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
			$sht(ipban=>$si) = 1;
			exit;
		}
	}
#!endif

	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		exit;
	}

	if(!sanity_check("1511", "7"))
	{
		xlog("Malformed SIP message from $si:$sp\n");
		exit;
	}

	# XVB
	#
	# 100Rel/PRACK relax for asterisk
	#
	if (method=="PRACK") {
		sl_send_reply("200","Ok");
		exit;
	}
}

# Handle requests within SIP dialogs
route[WITHINDLG] {
	if (has_totag()) {
		# sequential request withing a dialog should
		# take the path determined by record-routing
		if (loose_route()) {
#!ifdef WITH_WEBSOCKETS
			if ($du == "") {
				if (!handle_ruri_alias()) {
					xlog("L_ERR", "Bad alias <$ru>\n");
					sl_send_reply("400", "Bad Request");
					exit;
				}
			}
#!endif
			if (is_method("BYE")) {
				setflag(FLT_ACC); # do accounting ...
				setflag(FLT_ACCFAILED); # ... even if the transaction fails
			}
			route(RELAY);
		} else {
			if (is_method("SUBSCRIBE") && uri == myself) {
				# in-dialog subscribe requests
				route(PRESENCE);
				exit;
			}
			if ( is_method("ACK") ) {
				if ( t_check_trans() ) {
					# no loose-route, but stateful ACK;
					# must be an ACK after a 487
					# or e.g. 404 from upstream server
					t_relay();
					exit;
				} else {
					# ACK without matching transaction ... ignore and discard
					exit;
				}
			}
			sl_send_reply("404","Not here");
		}
		exit;
	}
}

# Handle SIP registrations
route[REGISTRAR] {
	if (is_method("REGISTER"))
	{
		if(isflagset(FLT_NATS))
		{
			setbflag(FLB_NATB);
			# uncomment next line to do SIP NAT pinging
			## setbflag(FLB_NATSIPPING);
		}
		if (!save("location"))
			sl_reply_error();

		exit;
	}
}

# USER location service
route[LOCATION] {

#!ifdef WITH_ALIASDB
	# search in DB-based aliases
	alias_db_lookup("dbaliases");
#!endif

	if (!lookup("location")) {
		switch ($rc) {
			case -1:
			case -3:
				t_newtran();
				t_reply("404", "Not Found");
				exit;
			case -2:
				sl_send_reply("405", "Method Not Allowed");
				exit;
		}
	}

	# when routing via usrloc, log the missed calls also
	if (is_method("INVITE"))
	{
		setflag(FLT_ACCMISSED);
	}
}

# Presence server route
route[PRESENCE] {
	if(!is_method("PUBLISH|SUBSCRIBE"))
		return;

#!ifdef WITH_PRESENCE
	if (!t_newtran())
	{
		sl_reply_error();
		exit;
	};

	if(is_method("PUBLISH"))
	{
		handle_publish();
		t_release();
	}
	else
	if( is_method("SUBSCRIBE"))
	{
		handle_subscribe();
		t_release();
	}
	exit;
#!endif

	# if presence enabled, this part will not be executed
	if (is_method("PUBLISH") || $rU==$null)
	{
		sl_send_reply("404", "Not here");
		exit;
	}
	return;
}

# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH
	if (is_method("REGISTER"))
	{
		# authenticate the REGISTER requests (uncomment to enable auth)
		if (!www_authorize("$td", "subscriber"))
		{
			www_challenge("$td", "0");
			exit;
		}

		if ($au!=$tU)
		{
			sl_send_reply("403","Forbidden auth ID");
			exit;
		}
	} else {

#!ifdef WITH_IPAUTH
		if(allow_source_address())
		{
			# source IP allowed
			return;
		}
#!endif

		# authenticate if from local subscriber
		if (from_uri==myself)
		{
			if (!proxy_authorize("$fd", "subscriber")) {
				proxy_challenge("$fd", "0");
				exit;
			}
			if (is_method("PUBLISH"))
			{
				if ($au!=$tU) {
					sl_send_reply("403","Forbidden auth ID");
					exit;
				}
			} else {
				if ($au!=$fU) {
					sl_send_reply("403","Forbidden auth ID");
					exit;
				}
			}

			consume_credentials();
			# caller authenticated
		} else {
			# caller is not local subscriber, then check if it calls
			# a local destination, otherwise deny, not an open relay here
			if (!uri==myself)
			{
				sl_send_reply("403","Not relaying");
				exit;
			}
		}
	}
#!endif
	return;
}

# Caller NAT detection route
route[NAT] {
#!ifdef WITH_NAT
	force_rport();
	if (nat_uac_test("64")) {
		if (method=="REGISTER") {
			fix_nated_register();
		} else {
			fix_nated_contact();
			if (!add_contact_alias()) {
				xlog("L_ERR", "Error aliasing contact <$ct>\n");
				sl_send_reply("400", "Bad Request");
				exit;
			}
		}
		setflag(FLT_NATS);
	}
#!endif
	return;
}

# RTPProxy control
route[RTPPROXY] {
#!ifdef WITH_NAT
#
# XVB
#	if (is_method("BYE")) {
#		unforce_rtp_proxy();
#	} else if (is_method("INVITE")){
#		force_rtp_proxy();
#	}
	if (!has_totag()) add_rr_param(";nat=yes");
#!endif
	return;
}

# Routing to foreign domains
route[SIPOUT] {
	if (!uri==myself)
	{
		append_hf("P-hint: outbound\r\n");
		route(RELAY);
	}
}

# XVB: VirtualPBX routing
route[XVB] {
	# fix me: XVB FHCP
	if( $si == $sel(cfg_get.xvb.gw_ip) ) {
		return;
	}

	# only local users allowed to call
	if(from_uri!=myself) {
		sl_send_reply("403", "Not Allowed");
		exit;
	}

	if (is_method("INVITE")) {
		remove_hf("X-Src-IP");
		append_hf("X-Src-IP: $si\r\n");
		if (is_present_hf("Require")) {
			$var(req_hdr)=$hdr(Require);
			remove_hf("Require");
			if (is_present_hf_re("Supported")) {
				$var(sup_hdr)=$hdr(Supported);
				remove_hf("Supported");
				append_hf("Supported: $var(req_hdr), $var(sup_hdr)\r\n");
			} else {
				append_hf("Supported: $var(req_hdr)\r\n");
			}
		}
	}

	$ru = "sip:" + $rU + "@" + $sel(cfg_get.xvb.gw_ip) + ":5080";

	#
	# XVB cluster
	#ds_select_domain("1", "4");

	route(RELAY_XVB);
	exit;
}

# PSTN GW routing
route[PSTN] {
#!ifdef WITH_PSTN
	# check if PSTN GW IP is defined
	if (strempty($sel(cfg_get.pstn.gw_ip))) {
		xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not defined\n");
		return;
	}

	# route to PSTN dialed numbers starting with '+' or '00'
	#     (international format)
	# - update the condition to match your dialing rules for PSTN routing
	if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
		return;

	# only local users allowed to call
	if(from_uri!=myself) {
		sl_send_reply("403", "Not Allowed");
		exit;
	}

	$ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);

	route(RELAY);
	exit;
#!endif

	return;
}

# XMLRPC routing
#!ifdef WITH_XMLRPC
route[XMLRPC]
{
	# allow XMLRPC from localhost
	if ((method=="POST" || method=="GET")
			&& (src_ip==127.0.0.1)) {
		# close connection only for xmlrpclib user agents (there is a bug in
		# xmlrpclib: it waits for EOF before interpreting the response).
		if ($hdr(User-Agent) =~ "xmlrpclib")
			set_reply_close();
		set_reply_no_connect();
		dispatch_rpc();
		exit;
	}
	send_reply("403", "Forbidden");
	exit;
}
#!endif

# Sample branch router
branch_route[BRANCH_ONE] {
	xdbg("new branch at $ru\n");
}

# Sample onreply route
onreply_route[REPLY_ONE] {
	xdbg("incoming reply\n");
#!ifdef WITH_NAT
#
# XVB
#	if ((isflagset(FLT_NATS) || isbflagset(FLB_NATB))
#			&& status=~"(183)|(2[0-9][0-9])") {
#		force_rtp_proxy();
#	}
	if (isbflagset("6")) {
		fix_nated_contact();
	}
#!endif
}

# Sample failure route
failure_route[FAIL_ONE] {
#!ifdef WITH_NAT
#
# XVB
#	if (is_method("INVITE")
#			&& (isbflagset(FLB_NATB) || isflagset(FLT_NATS))) {
#		unforce_rtp_proxy();
#	}
#!endif

	if (t_is_canceled()) {
		exit;
	}

	# uncomment the following lines if you want to block client
	# redirect based on 3xx replies.
	##if (t_check_status("3[0-9][0-9]")) {
	##t_reply("404","Not found");
	##	exit;
	##}

	# uncomment the following lines if you want to redirect the failed
	# calls to a different new destination
	##if (t_check_status("486|408")) {
	##	sethostport("192.168.2.100:5060");
	##	append_branch();
	##	# do not set the missed call flag again
	##	t_relay();
	##}
}

failure_route[FAIL_TWO] {
#!ifdef WITH_NAT
# XVB
#	if (is_method("INVITE")
#			&& (isbflagset(FLB_NATB) || isflagset(FLT_NATS))) {
#		unforce_rtp_proxy();
#	}
#!endif
	if (t_is_canceled()) {
		exit;
	}
	if(t_check_status("408")) {
		if (! ds_next_domain() ) {
			t_reply("503", "Service unavailable: no more gws");
			return;
		} else {
			t_relay();
			return;
		}
	}
}

#!ifdef WITH_WEBSOCKETS
event_route[xhttp:request] {
        set_reply_close();
        set_reply_no_connect();

        if ($Rp != MY_WS_PORT
#!ifdef WITH_TLS
            && $Rp != MY_WSS_PORT
#!endif
        ) {

                xlog("L_WARN", "HTTP request received on $Rp\n");
                xhttp_reply("403", "Forbidden", "", "");
                exit;
        }

        xlog("L_DBG", "HTTP Request Received\n");

        if ($hdr(Upgrade)=~"websocket"
                        && $hdr(Connection)=~"Upgrade"
                        && $rm=~"GET") {

                # Validate Host - make sure the client is using the correct
                # alias for WebSockets
                if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
                        xlog("L_WARN", "Bad host $hdr(Host)\n");
                        xhttp_reply("403", "Forbidden", "", "");
                        exit;
                }

                # Optional... validate Origin - make sure the client is from an
                # authorised website.  For example,
                #
                # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
                #     && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
                #       xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
                #       xhttp_reply("403", "Forbidden", "", "");
                #       exit;
                # }

                # Optional... perform HTTP authentication

                # ws_handle_handshake() exits (no further configuration file
                # processing of the request) when complete.
                if (ws_handle_handshake())
                {
                        # Optional... cache some information about the
                        # successful connection
                        exit;
                }
        }

        xhttp_reply("404", "Not found", "", "");
}

event_route[websocket:closed] {
xlog("L_INFO", "WebSocket connection from $si:$sp has closed\n");
}
#!endif