examples/kamailio/pstn.cfg
91301510
 #
 # $Id$
 #
 # example: ser configured as PSTN gateway guard; PSTN gateway is located
 # at 192.168.0.10
 #
 
 # ------------------ module loading ----------------------------------
 
8a79b963
 #set module path
f41e32d6
 mpath="/usr/local/lib/kamailio/modules/"
8a79b963
 
 loadmodule "sl.so"
 loadmodule "tm.so"
 loadmodule "acc.so"
 loadmodule "rr.so"
 loadmodule "maxfwd.so"
2573b4bf
 loadmodule "db_mysql.so"
8a79b963
 loadmodule "auth.so"
 loadmodule "auth_db.so"
 loadmodule "group.so"
 loadmodule "uri.so"
91301510
 
 # ----------------- setting module-specific parameters ---------------
 
f41e32d6
 modparam("auth_db", "db_url","mysql://kamailio:kamailiorw@localhost/kamailio")
91301510
 modparam("auth_db", "calculate_ha1", yes)
 modparam("auth_db", "password_column", "password")
 
 # -- acc params --
 modparam("acc", "log_level", 1)
 # that is the flag for which we will account -- don't forget to
 # set the same one :-)
 modparam("acc", "log_flag", 1 )
 
 # -------------------------  request routing logic -------------------
 
 # main routing logic
 
 route{
 
 	/* ********* ROUTINE CHECKS  ********************************** */
 
 	# filter too old messages
 	if (!mf_process_maxfwd_header("10")) {
 		log("LOG: Too many hops\n");
 		sl_send_reply("483","Too Many Hops");
8a79b963
 		exit;
91301510
 	};
8a79b963
 	if (msg:len >=  2048 ) {
 		sl_send_reply("513", "Message too big");
 		exit;
91301510
 	};
 
 	/* ********* RR ********************************** */
 
 	/* grant Route routing if route headers present */
8a79b963
 	if (loose_route()) { t_relay(); exit; };
91301510
 	
 	/* record-route INVITEs -- all subsequent requests must visit us */
 	if (method=="INVITE") {
 		record_route();
 	};
 
 	# now check if it really is a PSTN destination which should be handled
 	# by our gateway; if not, and the request is an invitation, drop it --
 	# we cannot terminate it in PSTN; relay non-INVITE requests -- it may
 	# be for example BYEs sent by gateway to call originator
 	if (!uri=~"sip:\+?[0-9]+@.*") {
 		if (method=="INVITE") {
 			sl_send_reply("403", "Call cannot be served here");
 		} else {
00daf736
 			forward();
91301510
 		};
8a79b963
 		exit;
91301510
 	}; 
 
 	# account completed transactions via syslog
 	setflag(1);
 
 	# free call destinations ... no authentication needed
 	if ( is_user_in("Request-URI", "free-pstn")  /* free destinations */
2573b4bf
 			||  uri=~"sip:[79][0-9][0-9][0-9]@.*"  /* local PBX */
 			|| uri=~"sip:98[0-9][0-9][0-9][0-9]") {
91301510
 		log("free call");
 	} else if (src_ip==192.168.0.10) {
 		# our gateway doesn't support digest authentication;
 		# verify that a request is coming from it by source
 		# address
 		log("gateway-originated request");
 	} else {
 		# in all other cases, we need to check the request against
 		# access control lists; first of all, verify request
 		# originator's identity
 
 		if (!proxy_authorize(	"gateway" /* realm */,
 				"subscriber" /* table name */))  {
 			proxy_challenge( "gateway" /* realm */, "0" /* no qop */ );
8a79b963
 			exit;
91301510
 		};
 
 		# authorize only for INVITEs -- RR/Contact may result in weird
 		# things showing up in d-uri that would break our logic; our
 		# major concern is INVITE which causes PSTN costs 
 
 		if (method=="INVITE") {
 
 			# does the authenticated user have a permission for local
 			# calls (destinations beginning with a single zero)? 
 			# (i.e., is he in the "local" group?)
 			if (uri=~"sip:0[1-9][0-9]+@.*") {
 				if (!is_user_in("credentials", "local")) {
 					sl_send_reply("403", "No permission for local calls"); 
8a79b963
 					exit;
91301510
 				};
 			# the same for long-distance (destinations begin with two zeros")
 			} else if (uri=~"sip:00[1-9][0-9]+@.*") {
 				if (!is_user_in("credentials", "ld")) {
 					sl_send_reply("403", " no permission for LD ");
8a79b963
 					exit;
91301510
 				};
 			# the same for international calls (three zeros)
 			} else if (uri=~"sip:000[1-9][0-9]+@.*") {
 				if (!is_user_in("credentials", "int")) {
 					sl_send_reply("403", "International permissions needed");
8a79b963
 					exit;
91301510
 				};
 			# everything else (e.g., interplanetary calls) is denied
 			} else {
 				sl_send_reply("403", "Forbidden");
8a79b963
 				exit;
91301510
 			};
 
 		}; # INVITE to authorized PSTN
 
 	}; # authorized PSTN
 
 	# if you have passed through all the checks, let your call go to GW!
 
 	rewritehostport("192.168.0.10:5060");
 
 	# forward the request now
 	if (!t_relay()) {
 		sl_reply_error(); 
8a79b963
 		exit; 
91301510
 	};
 
 }