diff --git a/misc/examples/webrtc/kamailio-default-websocket.cfg b/misc/examples/webrtc/kamailio-default-websocket.cfg new file mode 100644 index 00000000000..cb6175c12eb --- /dev/null +++ b/misc/examples/webrtc/kamailio-default-websocket.cfg @@ -0,0 +1,1019 @@ +#!KAMAILIO +# +# Kamailio (OpenSER) SIP Server v5.3 - default configuration script +# - web: https://www.kamailio.org +# - git: https://github.com/kamailio/kamailio +# +# Direct your questions about this file to: +# +# Refer to the Core CookBook at https://www.kamailio.org/wiki/ +# for an explanation of possible statements, functions and parameters. +# +# Note: the comments can be: +# - lines starting with #, but not the pre-processor directives, +# which start with #!, like #!define, #!ifdef, #!endif, #!else, #!trydef, +# #!subst, #!substdef, ... +# - lines starting with // +# - blocks enclosed in between /* */ +# +# Several features can be enabled using '#!define WITH_FEATURE' directives: +# +# *** To run in debug mode: +# - define WITH_DEBUG +# +# *** To enable mysql: +# - define WITH_MYSQL +# +# *** To enable authentication execute: +# - enable mysql +# - define WITH_AUTH +# - add users using 'kamctl' +# +# *** To enable IP authentication execute: +# - enable mysql +# - enable authentication +# - define WITH_IPAUTH +# - add IP addresses with group id '1' to 'address' table +# +# *** To enable persistent user location execute: +# - enable mysql +# - define WITH_USRLOCDB +# +# *** To enable presence server execute: +# - enable mysql +# - define WITH_PRESENCE +# +# *** To enable nat traversal execute: +# - define WITH_NAT +# - define WITH_RTPPROXY +# - install RTPProxy: http://www.rtpproxy.org +# - start RTPProxy +# rtpproxy -l _your_public_ip_ -s udp:localhost:7722 +# - option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING +# +# *** To enable PSTN gateway routing execute: +# - define WITH_PSTN +# - set the value of pstn.gw_ip +# - check route[PSTN] for regexp routing condition +# +# *** To enable database aliases lookup execute: +# - enable mysql +# - define WITH_ALIASDB +# +# *** To enable speed dial lookup execute: +# - enable mysql +# - define WITH_SPEEDDIAL +# +# *** To enable multi-domain support execute: +# - enable mysql +# - define WITH_MULTIDOMAIN +# +# *** To enable TLS support execute: +# - adjust CFGDIR/tls.cfg as needed +# - define WITH_TLS +# +# *** To enable XMLRPC support execute: +# - define WITH_XMLRPC +# - adjust route[XMLRPC] for access policy +# +# *** To enable WebSocket support execute: +# - define WITH_WEBSOCKET +# +# *** To enable anti-flood detection execute: +# - adjust pike and htable=>ipban settings as needed (default is +# block if more than 16 requests in 2 seconds and ban for 300 seconds) +# - define WITH_ANTIFLOOD +# +# *** To block 3XX redirect replies execute: +# - define WITH_BLOCK3XX +# +# *** To block 401 and 407 authentication replies execute: +# - define WITH_BLOCK401407 +# +# *** To enable VoiceMail routing execute: +# - define WITH_VOICEMAIL +# - set the value of voicemail.srv_ip +# - adjust the value of voicemail.srv_port +# +# *** To enhance accounting execute: +# - enable mysql +# - define WITH_ACCDB +# - add following columns to database +#!ifdef ACCDB_COMMENT + ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT ''; + ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT ''; + ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default ''; + ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT ''; + ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT ''; + ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT ''; + ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT ''; + ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT ''; + ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default ''; + ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT ''; + ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT ''; + ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT ''; +#!endif + +####### Include Local Config If Exists ######### +import_file "kamailio-local.cfg" + +####### Defined Values ######### + +#!define WITH_NAT +#!define WITH_TLS +#!define WITH_WEBSOCKET + +# *** Value defines - IDs used later in config +#!ifdef WITH_MYSQL +# - database URL - used to connect to database server by modules such +# as: auth_db, acc, usrloc, a.s.o. +#!ifndef DBURL +#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio" +#!endif +#!endif +#!ifdef WITH_MULTIDOMAIN +# - the value for 'use_domain' parameters +#!define MULTIDOMAIN 1 +#!else +#!define MULTIDOMAIN 0 +#!endif + +# - flags +# FLT_ - per transaction (message) flags +# FLB_ - per branch flags +#!define FLT_ACC 1 +#!define FLT_ACCMISSED 2 +#!define FLT_ACCFAILED 3 +#!define FLT_NATS 5 + +#!define FLB_NATB 6 +#!define FLB_NATSIPPING 7 + +####### Global Parameters ######### + +### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR +#!ifdef WITH_DEBUG +debug=4 +log_stderror=yes +#!else +debug=2 +log_stderror=no +#!endif + +memdbg=5 +memlog=5 + +log_facility=LOG_LOCAL0 +log_prefix="{$mt $hdr(CSeq) $ci} " + +/* number of SIP routing processes */ +children=8 + +/* uncomment the next line to disable TCP (default on) */ +# disable_tcp=yes + +/* uncomment the next line to disable the auto discovery of local aliases + * based on reverse DNS on IPs (default on) */ +# auto_aliases=no + +/* add local domain aliases */ +# alias="sip.mydomain.com" + +/* uncomment and configure the following line if you want Kamailio to + * bind on a specific interface/port/proto (default bind on all available) */ +# listen=udp:10.0.0.10:5060 + +#!ifdef WITH_TLS +enable_tls=yes +#!endif + +/* life time of TCP connection when there is no traffic + * - a bit higher than registration expires to cope with UA behind NAT */ +tcp_connection_lifetime=3605 + +#!ifdef WITH_WEBSOCKET +tcp_accept_no_cl=yes +tcp_rd_buf_size=16384 +#!endif + +####### Custom Parameters ######### + +/* These parameters can be modified runtime via RPC interface + * - see the documentation of 'cfg_rpc' module. + * + * Format: group.id = value 'desc' description + * Access: $sel(cfg_get.group.id) or @cfg_get.group.id */ + +#!ifdef WITH_PSTN +/* PSTN GW Routing + * + * - pstn.gw_ip: valid IP or hostname as string value, example: + * pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address" + * + * - by default is empty to avoid misrouting */ +pstn.gw_ip = "" desc "PSTN GW Address" +pstn.gw_port = "" desc "PSTN GW Port" +#!endif + +#!ifdef WITH_VOICEMAIL +/* VoiceMail Routing on offline, busy or no answer + * + * - by default Voicemail server IP is empty to avoid misrouting */ +voicemail.srv_ip = "" desc "VoiceMail IP Address" +voicemail.srv_port = "5060" desc "VoiceMail Port" +#!endif + +####### Modules Section ######## + +/* set paths to location of modules */ +# mpath="/usr/local/lib/kamailio/modules/" + +#!ifdef WITH_MYSQL +loadmodule "db_mysql.so" +#!endif + +loadmodule "jsonrpcs.so" +loadmodule "kex.so" +loadmodule "corex.so" +loadmodule "tm.so" +loadmodule "tmx.so" +loadmodule "sl.so" +loadmodule "rr.so" +loadmodule "pv.so" +loadmodule "maxfwd.so" +loadmodule "usrloc.so" +loadmodule "registrar.so" +loadmodule "textops.so" +loadmodule "siputils.so" +loadmodule "xlog.so" +loadmodule "sanity.so" +loadmodule "ctl.so" +loadmodule "cfg_rpc.so" +loadmodule "acc.so" +loadmodule "counters.so" + +#!ifdef WITH_AUTH +loadmodule "auth.so" +loadmodule "auth_db.so" +#!ifdef WITH_IPAUTH +loadmodule "permissions.so" +#!endif +#!endif + +#!ifdef WITH_ALIASDB +loadmodule "alias_db.so" +#!endif + +#!ifdef WITH_SPEEDDIAL +loadmodule "speeddial.so" +#!endif + +#!ifdef WITH_MULTIDOMAIN +loadmodule "domain.so" +#!endif + +#!ifdef WITH_PRESENCE +loadmodule "presence.so" +loadmodule "presence_xml.so" +#!endif + +#!ifdef WITH_NAT +loadmodule "nathelper.so" +#!ifdef WITH_RTPPROXY +loadmodule "rtpproxy.so" +#!endif +#!endif + +#!ifdef WITH_TLS +loadmodule "tls.so" +#!endif + +#!ifdef WITH_ANTIFLOOD +loadmodule "htable.so" +loadmodule "pike.so" +#!endif + +#!ifdef WITH_XMLRPC +loadmodule "xmlrpc.so" +#!endif + +#!ifdef WITH_DEBUG +loadmodule "debugger.so" +#!endif + +#!ifdef WITH_WEBSOCKET +loadmodule "xhttp.so" +loadmodule "websocket.so" +#!endif + +# ----------------- setting module-specific parameters --------------- + + +# ----- jsonrpcs params ----- +modparam("jsonrpcs", "pretty_format", 1) +/* set the path to RPC fifo control file */ +# modparam("jsonrpcs", "fifo_name", "/var/run/kamailio/kamailio_rpc.fifo") +/* set the path to RPC unix socket control file */ +# modparam("jsonrpcs", "dgram_socket", "/var/run/kamailio/kamailio_rpc.sock") + +# ----- ctl params ----- +/* set the path to RPC unix socket control file */ +# modparam("ctl", "binrpc", "unix:/var/run/kamailio/kamailio_ctl") + +# ----- tm params ----- +# auto-discard branches from previous serial forking leg +modparam("tm", "failure_reply_mode", 3) +# default retransmission timeout: 30sec +modparam("tm", "fr_timer", 30000) +# default invite retransmission timeout after 1xx: 120sec +modparam("tm", "fr_inv_timer", 120000) + +# ----- rr params ----- +# set next param to 1 to add value to ;lr param (helps with some UAs) +modparam("rr", "enable_full_lr", 0) +# do not append from tag to the RR (no need for this script) +modparam("rr", "append_fromtag", 0) + +# ----- registrar params ----- +modparam("registrar", "method_filtering", 1) +/* uncomment the next line to disable parallel forking via location */ +# modparam("registrar", "append_branches", 0) +/* uncomment the next line not to allow more than 10 contacts per AOR */ +# modparam("registrar", "max_contacts", 10) +/* max value for expires of registrations */ +modparam("registrar", "max_expires", 3600) +/* set it to 1 to enable GRUU */ +modparam("registrar", "gruu_enabled", 0) + +# ----- acc params ----- +/* what special events should be accounted ? */ +modparam("acc", "early_media", 0) +modparam("acc", "report_ack", 0) +modparam("acc", "report_cancels", 0) +/* by default ww do not adjust the direct of the sequential requests. + * if you enable this parameter, be sure the enable "append_fromtag" + * in "rr" module */ +modparam("acc", "detect_direction", 0) +/* account triggers (flags) */ +modparam("acc", "log_flag", FLT_ACC) +modparam("acc", "log_missed_flag", FLT_ACCMISSED) +modparam("acc", "log_extra", + "src_user=$fU;src_domain=$fd;src_ip=$si;" + "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") +modparam("acc", "failed_transaction_flag", FLT_ACCFAILED) +/* enhanced DB accounting */ +#!ifdef WITH_ACCDB +modparam("acc", "db_flag", FLT_ACC) +modparam("acc", "db_missed_flag", FLT_ACCMISSED) +modparam("acc", "db_url", DBURL) +modparam("acc", "db_extra", + "src_user=$fU;src_domain=$fd;src_ip=$si;" + "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") +#!endif + +# ----- usrloc params ----- +/* enable DB persistency for location entries */ +#!ifdef WITH_USRLOCDB +modparam("usrloc", "db_url", DBURL) +modparam("usrloc", "db_mode", 2) +modparam("usrloc", "use_domain", MULTIDOMAIN) +#!endif + +# ----- auth_db params ----- +#!ifdef WITH_AUTH +modparam("auth_db", "db_url", DBURL) +modparam("auth_db", "calculate_ha1", yes) +modparam("auth_db", "password_column", "password") +modparam("auth_db", "load_credentials", "") +modparam("auth_db", "use_domain", MULTIDOMAIN) + +# ----- permissions params ----- +#!ifdef WITH_IPAUTH +modparam("permissions", "db_url", DBURL) +modparam("permissions", "db_mode", 1) +#!endif + +#!endif + +# ----- alias_db params ----- +#!ifdef WITH_ALIASDB +modparam("alias_db", "db_url", DBURL) +modparam("alias_db", "use_domain", MULTIDOMAIN) +#!endif + +# ----- speeddial params ----- +#!ifdef WITH_SPEEDDIAL +modparam("speeddial", "db_url", DBURL) +modparam("speeddial", "use_domain", MULTIDOMAIN) +#!endif + +# ----- domain params ----- +#!ifdef WITH_MULTIDOMAIN +modparam("domain", "db_url", DBURL) +/* register callback to match myself condition with domains list */ +modparam("domain", "register_myself", 1) +#!endif + +#!ifdef WITH_PRESENCE +# ----- presence params ----- +modparam("presence", "db_url", DBURL) + +# ----- presence_xml params ----- +modparam("presence_xml", "db_url", DBURL) +modparam("presence_xml", "force_active", 1) +#!endif + +#!ifdef WITH_NAT +#!ifdef WITH_RTPPROXY +# ----- rtpproxy params ----- +modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722") +#!endif + +# ----- nathelper params ----- +modparam("nathelper", "natping_interval", 30) +modparam("nathelper", "ping_nated_only", 1) +modparam("nathelper", "sipping_bflag", FLB_NATSIPPING) +modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org") + +# params needed for NAT traversal in other modules +modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)") +modparam("usrloc", "nat_bflag", FLB_NATB) +#!endif + +#!ifdef WITH_TLS +# ----- tls params ----- +modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg") +#!endif + +#!ifdef WITH_ANTIFLOOD +# ----- pike params ----- +modparam("pike", "sampling_time_unit", 2) +modparam("pike", "reqs_density_per_unit", 16) +modparam("pike", "remove_latency", 4) + +# ----- htable params ----- +/* ip ban htable with autoexpire after 5 minutes */ +modparam("htable", "htable", "ipban=>size=8;autoexpire=300;") +#!endif + +#!ifdef WITH_XMLRPC +# ----- xmlrpc params ----- +modparam("xmlrpc", "route", "XMLRPC"); +modparam("xmlrpc", "url_match", "^/RPC") +#!endif + +#!ifdef WITH_DEBUG +# ----- debugger params ----- +modparam("debugger", "cfgtrace", 1) +modparam("debugger", "log_level_name", "exec") +#!endif + +####### Routing Logic ######## + + +/* Main SIP request routing logic + * - processing of any incoming SIP request starts with this route + * - note: this is the same as route { ... } */ +request_route { + + # per request initial checks + route(REQINIT); + + # NAT detection + route(NATDETECT); + + # CANCEL processing + if (is_method("CANCEL")) { + if (t_check_trans()) { + route(RELAY); + } + exit; + } + + # handle retransmissions + if (!is_method("ACK")) { + if(t_precheck_trans()) { + t_check_trans(); + exit; + } + t_check_trans(); + } + + # handle requests within SIP dialogs + route(WITHINDLG); + + ### only initial requests (no To tag) + + # authentication + route(AUTH); + + # record routing for dialog forming requests (in case they are routed) + # - remove preloaded route headers + remove_hf("Route"); + if (is_method("INVITE|SUBSCRIBE")) { + record_route(); + } + + # account only INVITEs + if (is_method("INVITE")) { + setflag(FLT_ACC); # do accounting + } + + # dispatch requests to foreign domains + route(SIPOUT); + + ### requests for my local domains + + # handle presence related requests + route(PRESENCE); + + # handle registrations + route(REGISTRAR); + + if ($rU==$null) { + # request with no Username in RURI + sl_send_reply("484","Address Incomplete"); + exit; + } + + # dispatch destinations to PSTN + route(PSTN); + + # user location service + route(LOCATION); +} + +# Wrapper for relaying requests +route[RELAY] { + + # enable additional event routes for forwarded requests + # - serial forking, RTP relaying handling, a.s.o. + if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { + if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH"); + } + if (is_method("INVITE|SUBSCRIBE|UPDATE")) { + if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY"); + } + if (is_method("INVITE")) { + if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE"); + } + + if (!t_relay()) { + sl_reply_error(); + } + exit; +} + +# Per SIP request initial checks +route[REQINIT] { +#!ifdef WITH_ANTIFLOOD + # flood detection from same IP and traffic ban for a while + # be sure you exclude checking trusted peers, such as pstn gateways + # - local host excluded (e.g., loop to self) + if(src_ip!=myself) { + if($sht(ipban=>$si)!=$null) { + # ip is already blocked + xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n"); + exit; + } + if (!pike_check_req()) { + xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n"); + $sht(ipban=>$si) = 1; + exit; + } + } +#!endif + if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") { + # silent drop for scanners - uncomment next line if want to reply + # sl_send_reply("200", "OK"); + exit; + } + + if (!mf_process_maxfwd_header("10")) { + sl_send_reply("483","Too Many Hops"); + exit; + } + + if(is_method("OPTIONS") && uri==myself && $rU==$null) { + sl_send_reply("200","Keepalive"); + exit; + } + + if(!sanity_check("17895", "7")) { + xlog("Malformed SIP message from $si:$sp\n"); + exit; + } +} + +# Handle requests within SIP dialogs +route[WITHINDLG] { + if (!has_totag()) return; + + # sequential request withing a dialog should + # take the path determined by record-routing + if (loose_route()) { + route(DLGURI); + if (is_method("BYE")) { + setflag(FLT_ACC); # do accounting ... + setflag(FLT_ACCFAILED); # ... even if the transaction fails + } else if ( is_method("ACK") ) { + # ACK is forwarded statelessly + route(NATMANAGE); + } else if ( is_method("NOTIFY") ) { + # Add Record-Route for in-dialog NOTIFY as per RFC 6665. + record_route(); + } + route(RELAY); + exit; + } + + if (is_method("SUBSCRIBE") && uri == myself) { + # in-dialog subscribe requests + route(PRESENCE); + exit; + } + if ( is_method("ACK") ) { + if ( t_check_trans() ) { + # no loose-route, but stateful ACK; + # must be an ACK after a 487 + # or e.g. 404 from upstream server + route(RELAY); + exit; + } else { + # ACK without matching transaction ... ignore and discard + exit; + } + } + sl_send_reply("404","Not here"); + exit; +} + +# Handle SIP registrations +route[REGISTRAR] { + if (!is_method("REGISTER")) return; + + if(isflagset(FLT_NATS)) { + setbflag(FLB_NATB); +#!ifdef WITH_NATSIPPING + # do SIP NAT pinging + setbflag(FLB_NATSIPPING); +#!endif + } + if (!save("location")) { + sl_reply_error(); + } + exit; +} + +# User location service +route[LOCATION] { + +#!ifdef WITH_SPEEDDIAL + # search for short dialing - 2-digit extension + if($rU=~"^[0-9][0-9]$") { + if(sd_lookup("speed_dial")) { + route(SIPOUT); + } + } +#!endif + +#!ifdef WITH_ALIASDB + # search in DB-based aliases + if(alias_db_lookup("dbaliases")) { + route(SIPOUT); + } +#!endif + + $avp(oexten) = $rU; + if (!lookup("location")) { + $var(rc) = $rc; + route(TOVOICEMAIL); + t_newtran(); + switch ($var(rc)) { + case -1: + case -3: + send_reply("404", "Not Found"); + exit; + case -2: + send_reply("405", "Method Not Allowed"); + exit; + } + } + + # when routing via usrloc, log the missed calls also + if (is_method("INVITE")) { + setflag(FLT_ACCMISSED); + } + + route(RELAY); + exit; +} + +# Presence server processing +route[PRESENCE] { + if(!is_method("PUBLISH|SUBSCRIBE")) return; + + if(is_method("SUBSCRIBE") && $hdr(Event)=="message-summary") { + route(TOVOICEMAIL); + # returns here if no voicemail server is configured + sl_send_reply("404", "No voicemail service"); + exit; + } + +#!ifdef WITH_PRESENCE + if (!t_newtran()) { + sl_reply_error(); + exit; + } + + if(is_method("PUBLISH")) { + handle_publish(); + t_release(); + } else if(is_method("SUBSCRIBE")) { + handle_subscribe(); + t_release(); + } + exit; +#!endif + + # if presence enabled, this part will not be executed + if (is_method("PUBLISH") || $rU==$null) { + sl_send_reply("404", "Not here"); + exit; + } + return; +} + +# IP authorization and user authentication +route[AUTH] { +#!ifdef WITH_AUTH + +#!ifdef WITH_IPAUTH + if((!is_method("REGISTER")) && allow_source_address()) { + # source IP allowed + return; + } +#!endif + + if (is_method("REGISTER") || from_uri==myself) { + # authenticate requests + if (!auth_check("$fd", "subscriber", "1")) { + auth_challenge("$fd", "0"); + exit; + } + # user authenticated - remove auth header + if(!is_method("REGISTER|PUBLISH")) + consume_credentials(); + } + # if caller is not local subscriber, then check if it calls + # a local destination, otherwise deny, not an open relay here + if (from_uri!=myself && uri!=myself) { + sl_send_reply("403","Not relaying"); + exit; + } + +#!else + + # authentication not enabled - do not relay at all to foreign networks + if(uri!=myself) { + sl_send_reply("403","Not relaying"); + exit; + } + +#!endif + return; +} + +# Caller NAT detection +route[NATDETECT] { +#!ifdef WITH_NAT + force_rport(); + if (nat_uac_test("83")) { + if (is_method("REGISTER")) { + fix_nated_register(); + } else { + if(is_first_hop()) { + set_contact_alias(); + } + } + setflag(FLT_NATS); + } +#!endif + return; +} + +# RTPProxy control and signaling updates for NAT traversal +route[NATMANAGE] { +#!ifdef WITH_NAT + if (is_request()) { + if(has_totag()) { + if(check_route_param("nat=yes")) { + setbflag(FLB_NATB); + } + } + } + if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return; + +#!ifdef WITH_RTPPROXY + if(nat_uac_test("8")) { + rtpproxy_manage("co"); + } else { + rtpproxy_manage("cor"); + } +#!endif + + if (is_request()) { + if (!has_totag()) { + if(t_is_branch_route()) { + add_rr_param(";nat=yes"); + } + } + } + if (is_reply()) { + if(isbflagset(FLB_NATB) || nat_uac_test("64")) { + if(is_first_hop()) + set_contact_alias(); + } + } +#!endif + return; +} + +# URI update for dialog requests +route[DLGURI] { +#!ifdef WITH_NAT + if(!isdsturiset()) { + handle_ruri_alias(); + } +#!endif + return; +} + +# Routing to foreign domains +route[SIPOUT] { + if (uri==myself) return; + + append_hf("P-hint: outbound\r\n"); + route(RELAY); + exit; +} + +# PSTN GW routing +route[PSTN] { +#!ifdef WITH_PSTN + # check if PSTN GW IP is defined + if (strempty($sel(cfg_get.pstn.gw_ip))) { + xlog("SCRIPT: PSTN routing enabled but pstn.gw_ip not defined\n"); + return; + } + + # route to PSTN dialed numbers starting with '+' or '00' + # (international format) + # - update the condition to match your dialing rules for PSTN routing + if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$")) return; + + # only local users allowed to call + if(from_uri!=myself) { + sl_send_reply("403", "Not Allowed"); + exit; + } + + # normalize target number for pstn gateway + # - convert leading 00 to + + if (starts_with("$rU", "00")) { + strip(2); + prefix("+"); + } + + if (strempty($sel(cfg_get.pstn.gw_port))) { + $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip); + } else { + $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip) + ":" + + $sel(cfg_get.pstn.gw_port); + } + + route(RELAY); + exit; +#!endif + + return; +} + +# XMLRPC routing +#!ifdef WITH_XMLRPC +route[XMLRPC] { + # allow XMLRPC from localhost + if ((method=="POST" || method=="GET") + && (src_ip==127.0.0.1)) { + # close connection only for xmlrpclib user agents (there is a bug in + # xmlrpclib: it waits for EOF before interpreting the response). + if ($hdr(User-Agent) =~ "xmlrpclib") + set_reply_close(); + set_reply_no_connect(); + dispatch_rpc(); + exit; + } + send_reply("403", "Forbidden"); + exit; +} +#!endif + +# Routing to voicemail server +route[TOVOICEMAIL] { +#!ifdef WITH_VOICEMAIL + if(!is_method("INVITE|SUBSCRIBE")) return; + + # check if VoiceMail server IP is defined + if (strempty($sel(cfg_get.voicemail.srv_ip))) { + xlog("SCRIPT: VoiceMail routing enabled but IP not defined\n"); + return; + } + if(is_method("INVITE")) { + if($avp(oexten)==$null) return; + + $ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip) + + ":" + $sel(cfg_get.voicemail.srv_port); + } else { + if($rU==$null) return; + + $ru = "sip:" + $rU + "@" + $sel(cfg_get.voicemail.srv_ip) + + ":" + $sel(cfg_get.voicemail.srv_port); + } + route(RELAY); + exit; +#!endif + + return; +} + +# Manage outgoing branches +branch_route[MANAGE_BRANCH] { + xdbg("new branch [$T_branch_idx] to $ru\n"); + route(NATMANAGE); +} + +# Manage incoming replies +onreply_route[MANAGE_REPLY] { + xdbg("incoming reply\n"); + if(status=~"[12][0-9][0-9]") { + route(NATMANAGE); + } +} + +# Manage failure routing cases +failure_route[MANAGE_FAILURE] { + route(NATMANAGE); + + if (t_is_canceled()) exit; + +#!ifdef WITH_BLOCK3XX + # block call redirect based on 3xx replies. + if (t_check_status("3[0-9][0-9]")) { + t_reply("404","Not found"); + exit; + } +#!endif + +#!ifdef WITH_BLOCK401407 + # block call redirect based on 401, 407 replies. + if (t_check_status("401|407")) { + t_reply("404","Not found"); + exit; + } +#!endif + +#!ifdef WITH_VOICEMAIL + # serial forking + # - route to voicemail on busy or no answer (timeout) + if (t_check_status("486|408")) { + $du = $null; + route(TOVOICEMAIL); + exit; + } +#!endif +} + +#!ifdef WITH_WEBSOCKET +event_route[xhttp:request] { + set_reply_close(); + set_reply_no_connect(); + if ($hdr(Upgrade)=~"websocket" + && $hdr(Connection)=~"Upgrade" + && $rm=~"GET") { + + # Validate Host - make sure the client is using the correct + # alias for WebSockets + if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) { + xlog("L_WARN", "Bad host $hdr(Host)\n"); + xhttp_reply("403", "Forbidden", "", ""); + exit; + } + if (ws_handle_handshake()) { + # Optional... cache some information about the + # successful connection + exit; + } + } + xhttp_reply("404", "Not Found", "", ""); +} +#!endif