openpkg-packages/openser/openser.cfg

##
##  openser.cfg -- OpenSER server configuration
##

#
#   GLOBAL CONFIGURATION PARAMETERS
#

#   process configuration
debug=1
log_stderror=no
fork=yes
check_via=no
dns=no
rev_dns=no
children=4
user="@l_rusr@"
group="@l_rgrp@"
fifo="@l_prefix@/var/openser/openser.fifo"
workdir="@l_prefix@/var/openser"

#   network configuration
alias="sip.example.com"
listen="127.0.0.1"
port=5060

#
#   EXTENSION MODULE LOADING
#

#loadmodule "@l_prefix@/lib/openser/modules/dbtext.so"

loadmodule "@l_prefix@/lib/openser/modules/sl.so"
loadmodule "@l_prefix@/lib/openser/modules/tm.so"
loadmodule "@l_prefix@/lib/openser/modules/rr.so"
loadmodule "@l_prefix@/lib/openser/modules/maxfwd.so"
loadmodule "@l_prefix@/lib/openser/modules/usrloc.so"
loadmodule "@l_prefix@/lib/openser/modules/registrar.so"
loadmodule "@l_prefix@/lib/openser/modules/textops.so"

#loadmodule "@l_prefix@/lib/openser/modules/auth.so"
#loadmodule "@l_prefix@/lib/openser/modules/auth_db.so"

#loadmodule "@l_prefix@/lib/openser/modules/nathelper.so"

#
#   EXTENSION MODULE CONFIGURATION
#

#   module rr:
modparam("rr", "enable_full_lr", 1)

#   module usrloc:
modparam("usrloc", "db_mode", 0)
#modparam("usrloc", "db_mode", 2)
#modparam("usrloc|auth_db", "db_url", "dbtext://@l_prefix@/var/openser/db")

#   module auth:
#modparam("auth_db", "calculate_ha1", 1)
#modparam("auth_db", "password_column", "password")
#modparam("auth_db", "user_column", "username")
#modparam("auth_db", "domain_column", "domain")

#   module nathelper:
#modparam("registrar", "nat_flag", 6)
#modparam("nathelper", "natping_interval", 30)
#modparam("nathelper", "ping_nated_only", 1)
#modparam("nathelper", "rtpproxy_sock", "unix:@l_prefix@/var/openser/openser_rtpproxy.sock")
#modparam("nathelper", "rtpproxy_disable", 0)
#modparam("nathelper", "rtpproxy_disable_tout", 20)
#modparam("nathelper", "sipping_from", "sip:pinger@sip.example.com")

#
#   MAIN ROUTING LOGIC
#

route{
    #   initial sanity checks -- messages with
    #   max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483", "Too Many Hops");
        exit;
    };
    if (msg:len >= max_len) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    #if (method == "INVITE" && uri != myself) {
    #    sl_send_reply("403", "No relaying");
    #    exit;
    #};

    #   NAT: special handling for NAT'ed clients; first, NAT test is
    #   executed: it looks for via!=received and RFC1918 addresses in
    #   Contact (may fail if line-folding is used); also, the received
    #   test should, if completed, should check all vias for presence of
    #   received.
    #if (nat_uac_test("3")) {
    #    #   allow RR-ed requests, as these may indicate that NAT-enabled
    #    #   aproxy takes care of it; unless it is REGISTER
    #    if (method == "REGISTER" || ! search("^Record-Route:")) {
    #        log("LOG: Someone trying to register from private IP, rewriting\n");
    #        fix_nated_contact(); # rewrite contact with source IP of signalling
    #        if (method == "INVITE") {
    #            fix_nated_sdp("1"); # add direction=active to SDP
    #        };
    #        force_rport(); # add rport parameter to topmost Via
    #        setflag(6);    # mark as NAT'ed
    #    };
    #};

    #   we record-route all messages -- to make sure that
    #   subsequent messages will go through our proxy; that's
    #   particularly good if upstream and downstream entities
    #   use different transport protocol
    if (method != "REGISTER") {
        record_route();
    };

    #   subsequent messages withing a dialog should take the
    #   path determined by record-routing
    if (loose_route()) {
        #   mark routing logic in request
        append_hf("P-hint: rr-enforced\r\n"); 
        route(1);
    };

    if (uri != myself) {
        #   mark routing logic in request
        append_hf("P-hint: outbound\r\n"); 
        route(1);
    };

    #   if the request is for other domain use USRLOC
    #   (in case, it does not work, use the following command
    #   with proper names and addresses in it)
    if (uri == myself) {
        if (method == "REGISTER") {
            #   uncomment this if you want to use digest authentication
            #if (!www_authorize("sip.example.com", "subscriber")) {
            #    www_challenge("sip.example.com", "0");
            #    exit;
            #};
            save("location");
            exit;
        };

        lookup("aliases");
        if (uri != myself) {
            append_hf("P-hint: outbound alias\r\n"); 
            route(1);
        };

        #   native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            exit;
        };
        append_hf("P-hint: usrloc applied\r\n"); 
    };

    route(1);
}

route[1] {
    #   disable RFC1918 peers
    if (uri =~ "[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")) {
        sl_send_reply("479", "We don't forward to RFC 1918 IPv4 addresses");
        exit;
    };
                                
    #   NAT: if client or server know to be behind a NAT, enable relay
    #if (isflagset(6)) {
    #    force_rtp_proxy();
    #};
                                                        
    #   NAT: processing of replies; apply to all transactions
    #t_on_reply("1");
                                                                        
    #   send it out now; use stateful forwarding as it works reliably even for UDP2TCP
    if (!t_relay()) {
        sl_reply_error();
    };
}

#onreply_route[1] {
    #   NAT: is it a NAT'ed transaction ?
    #   otherwise, is it a transaction behind a NAT and we did not
    #   know at time of request processing ? (RFC1918 contacts)
    #if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
    #    fix_nated_contact();
    #    force_rtp_proxy();
    #} else if (nat_uac_test("1")) {
    #    fix_nated_contact();
    #};
#}