outbound: add flow_token_secret param

- calculate ob_key as SHA1(flow_token_secret) if specified
- keep old behavior with randomly generated ob_key if not specified

Michael Furmur authored on 16/01/2021 16:26:15 • Daniel-Constantin Mierla committed on 27/07/2021 13:54:34
Showing 1 changed files
... ...
@@ -499,6 +499,28 @@ modparam("outbound", "force_no_outbound_flag", 2)
499 499
 		</example>
500 500
 	</section>
501 501
 
502
+	<section>
503
+		<title><varname>flow_token_secret</varname> (string)</title>
504
+		<para>
505
+			Secret phrase used to calculate the outbound key value
506
+			used for flow tokens validation.
507
+			Allows to set persistent outbound key.
508
+		</para>
509
+		<para>
510
+			If not specified, <emphasis>outbound</emphasis> will use randomly generated outbound key
511
+		</para>
512
+		<example>
513
+			<title>
514
+				Set <varname>flow_token_secret</varname> parameter
515
+			</title>
516
+			<programlisting format="linespecific">
517
+...
518
+modparam("outbound", "flow_token_secret", "johndoessecretphrase")
519
+...
520
+			</programlisting>
521
+		</example>
522
+	</section>
523
+
502 524
 	</section>
503 525
 
504 526
 </chapter>
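Review bot: The new `flow_token_secret` paragraphs (new lines 505-510) say nothing about how strong the phrase must be or that it has to stay private. Per the commit message the outbound key is SHA1 of this string, so a short or guessable phrase yields a guessable key for flow token validation. Suggest stating that the value should be a long random string and that the config file holding it should not be world-readable, and replacing the sample value "johndoessecretphrase" with an obvious placeholder. Smaller points in the same section: it lacks the "Default value" line the other parameter sections carry, the sentence at line 510 is missing its full stop, and "Allows to set persistent outbound key" reads better as "Allows setting a persistent outbound key".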

outbound Remove MI modules from example configurations in README

Olle E. Johansson authored on 05/01/2017 20:52:35
Showing 1 changed files
... ...
@@ -17,7 +17,7 @@
17 17
 	<title>Overview</title>
18 18
 	<para>This module provides C-API functions to enable &kamailio; to be
19 19
 	used as an outbound Edge Proxy (see &rfc5626; section 5).</para>
20
-	<para>The <emphasis>path</emphasis> and <emphasis>rr</emphasis> will
20
+	<para>The <emphasis>path</emphasis> and <emphasis>rr</emphasis> modules will
21 21
 	bind to this module if it is loaded before they are.</para>
22 22
 	<section>
23 23
 		<title>Edge Proxy Keep-Alives (STUN)</title>
... ...
@@ -84,17 +84,12 @@ loadmodule "maxfwd.so"
84 84
 loadmodule "xlog.so"
85 85
 loadmodule "sanity.so"
86 86
 loadmodule "ctl.so"
87
-loadmodule "mi_rpc.so"
88
-loadmodule "mi_fifo.so"
89 87
 loadmodule "textops.so"
90 88
 loadmodule "siputils.so"
91 89
 loadmodule "stun.so"
92 90
 
93 91
 # ----------------- setting module-specific parameters ---------------
94 92
 
95
-# ----- mi_fifo params -----
96
-modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
97
-
98 93
 # ----- tm params -----
99 94
 modparam("tm", "failure_reply_mode", 3)
100 95
 
... ...
@@ -255,8 +250,6 @@ loadmodule "maxfwd.so"
255 250
 loadmodule "xlog.so"
256 251
 loadmodule "sanity.so"
257 252
 loadmodule "ctl.so"
258
-loadmodule "mi_rpc.so"
259
-loadmodule "mi_fifo.so"
260 253
 loadmodule "textops.so"
261 254
 loadmodule "siputils.so"
262 255
 loadmodule "usrloc.so"
... ...
@@ -264,9 +257,6 @@ loadmodule "registrar.so"
264 257
 
265 258
 # ----------------- setting module-specific parameters ---------------
266 259
 
267
-# ----- mi_fifo params -----
268
-modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
269
-
270 260
 
271 261
 # ----- tm params -----
272 262
 modparam("tm", "failure_reply_mode", 3)
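Review bot: Removing old lines 267-269 leaves two consecutive blank lines (new 259 and 260) ahead of "# ----- tm params -----" in the registrar example, while the edge proxy example ends up with a single blank line at the same spot. Drop the blank at old line 270 as well so the two listings stay consistent.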

outbound: removed references to lib kmi - not used

Daniel-Constantin Mierla authored on 02/01/2017 12:52:50
Showing 1 changed files
... ...
@@ -10,9 +10,9 @@
10 10
 <!-- Module User's Guide -->
11 11
 
12 12
 <chapter>
13
-	
13
+
14 14
 	<title>&adminguide;</title>
15
-	
15
+
16 16
 	<section>
17 17
 	<title>Overview</title>
18 18
 	<para>This module provides C-API functions to enable &kamailio; to be
... ...
@@ -511,15 +511,5 @@ modparam("outbound", "force_no_outbound_flag", 2)
511 511
 
512 512
 	</section>
513 513
 
514
-	<section>
515
-	<title>Functions</title>
516
-	<para><emphasis>None</emphasis></para>
517
-	</section>
518
-
519
-	<section>
520
-	<title>MI Commands</title>
521
-	<para><emphasis>None</emphasis></para>
522
-	</section>
523
-
524 514
 </chapter>
525 515
 
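Review bot: The removal at old lines 514-517 drops the "Functions" section together with "MI Commands", but the commit subject only mentions references to lib kmi, and a Functions section is not an MI reference. Either keep the Functions section, which tells readers the module exports none, or say in the commit message that empty sections are being removed as well.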

doc, modules: updated the path to docbook entities and spec files

Daniel-Constantin Mierla authored on 07/12/2016 14:24:32
Showing 1 changed files
... ...
@@ -3,7 +3,7 @@
3 3
 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 4
 
5 5
 <!-- Include general documentation entities -->
6
-<!ENTITY % docentities SYSTEM "../../../docbook/entities.xml">
6
+<!ENTITY % docentities SYSTEM "../../../../doc/docbook/entities.xml">
7 7
 %docentities;
8 8
 
9 9
 ]>

core, lib, modules: restructured source code tree

- new folder src/ to hold the source code for main project applications
- main.c is in src/
- all core files and subfolders are in src/core/
- modules are in src/modules/
- libs are in src/lib/
- application Makefiles are in src/
- application binary is built in src/ (src/kamailio)

Daniel-Constantin Mierla authored on 07/12/2016 11:03:51
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,525 @@
1
+<?xml version="1.0" encoding='ISO-8859-1'?>
2
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3
+"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4
+
5
+<!-- Include general documentation entities -->
6
+<!ENTITY % docentities SYSTEM "../../../docbook/entities.xml">
7
+%docentities;
8
+
9
+]>
10
+<!-- Module User's Guide -->
11
+
12
+<chapter>
13
+	
14
+	<title>&adminguide;</title>
15
+	
16
+	<section>
17
+	<title>Overview</title>
18
+	<para>This module provides C-API functions to enable &kamailio; to be
19
+	used as an outbound Edge Proxy (see &rfc5626; section 5).</para>
20
+	<para>The <emphasis>path</emphasis> and <emphasis>rr</emphasis> will
21
+	bind to this module if it is loaded before they are.</para>
22
+	<section>
23
+		<title>Edge Proxy Keep-Alives (STUN)</title>
24
+		<para>Outbound Edge Proxies MUST support STUN NAT keep-alives
25
+		on their SIP UDP ports. &kamailio; supports this though the
26
+		<quote>stun</quote> module.</para>
27
+	</section>
28
+	<section>
29
+		<title>Flow Timer</title>
30
+		<para>The maximum interval at which a User Agent must send a
31
+		keep-alive may be specified by the Registrar using the
32
+		Flow-Timer: header in 2xx responses to REGISTERs.</para>
33
+		<para>When using TCP or TLS as the SIP transport care should
34
+		be taken to set the <quote>tcp_connection_lifetime</quote>
35
+		on the Edge Proxy to a value slightly larger than the interval
36
+		the Registrar is using for flow timer. Setting
37
+		<quote>tcp_connection_lifetime</quote> to less than the
38
+		interval could cause connections to be lost, and setting it
39
+		to a value much larger than the interval will keep connections
40
+		open far longer than is required (which is wasteful).</para>
41
+		<para>Application-layer keep-alives are optional when the
42
+		underlying transport already has a keep-alive mechanism. The
43
+		WebSocket transport has a transport-layer keep-alive. When
44
+		using the WebSocket transport the
45
+		<quote>keepalive_timeout</quote> should be set to a value
46
+		a little greater than the Registrar flow timer interval and a
47
+		little less than the <quote>tcp_connection_lifetime</quote>.
48
+		</para>
49
+	</section>
50
+	<example>
51
+	<title>Edge Proxy Configuration</title>
52
+	<programlisting><![CDATA[
53
+#!KAMAILIO
54
+#
55
+# Edge proxy configuration
56
+#
57
+
58
+#!subst "/REGISTRAR_IP/192.168.122.3/"
59
+#!subst "/REGISTRAR_PORT/5060/"
60
+#!substdef "/FLOW_TIMER/20/"
61
+
62
+####### Global Parameters #########
63
+
64
+debug=2
65
+log_stderror=no
66
+log_facility=LOG_LOCAL0
67
+fork=yes
68
+children=4
69
+alias="example.com"
70
+mpath="/usr/lib64/kamailio/modules"
71
+tcp_connection_lifetime=30 # FLOW_TIMER + 10
72
+force_rport=yes
73
+
74
+
75
+####### Modules Section ########
76
+
77
+loadmodule "tm.so"
78
+loadmodule "sl.so"
79
+loadmodule "outbound.so"
80
+loadmodule "rr.so"
81
+loadmodule "path.so"
82
+loadmodule "pv.so"
83
+loadmodule "maxfwd.so"
84
+loadmodule "xlog.so"
85
+loadmodule "sanity.so"
86
+loadmodule "ctl.so"
87
+loadmodule "mi_rpc.so"
88
+loadmodule "mi_fifo.so"
89
+loadmodule "textops.so"
90
+loadmodule "siputils.so"
91
+loadmodule "stun.so"
92
+
93
+# ----------------- setting module-specific parameters ---------------
94
+
95
+# ----- mi_fifo params -----
96
+modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
97
+
98
+# ----- tm params -----
99
+modparam("tm", "failure_reply_mode", 3)
100
+
101
+# ----- rr params -----
102
+modparam("rr", "append_fromtag", 0)
103
+
104
+
105
+####### Routing Logic ########
106
+
107
+request_route {
108
+	route(REQINIT);
109
+
110
+	if (is_method("CANCEL")) {
111
+		if (t_check_trans()) {
112
+			route(RELAY);
113
+		}
114
+		exit;
115
+	}
116
+
117
+	route(WITHINDLG);
118
+
119
+	t_check_trans();
120
+
121
+	if (is_method("REGISTER")) {
122
+		remove_hf("Route");
123
+		add_path();
124
+		$du = "sip:REGISTRAR_IP:REGISTRAR_PORT";
125
+	} else {
126
+		if (is_method("INVITE|SUBSCRIBE"))
127
+			record_route();
128
+
129
+		if (@via[2] == "") {
130
+			# From client so route to registrar...
131
+
132
+			if ($rU == $null) {
133
+				sl_send_reply("484", "Address Incomplete");
134
+				exit;
135
+			}
136
+			remove_hf("Route");
137
+			$du = "sip:REGISTRAR_IP:REGISTRAR_PORT";
138
+		} else {
139
+			# From registrar so route using "Route:" headers...
140
+
141
+			if (!loose_route()) {
142
+				switch($rc) {
143
+				case -2:
144
+					sl_send_reply("403", "Forbidden");
145
+					exit;
146
+				default:
147
+					xlog("L_ERR", "in request_route\n");
148
+					sl_reply_error();
149
+					exit;
150
+				}
151
+			}
152
+
153
+			t_on_failure("FAIL_OUTBOUND");
154
+		}
155
+	}
156
+
157
+	route(RELAY);
158
+}
159
+
160
+route[RELAY] {
161
+	if (!t_relay()) {
162
+		sl_reply_error();
163
+	}
164
+	exit;
165
+}
166
+
167
+route[REQINIT] {
168
+	if (!mf_process_maxfwd_header("10")) {
169
+		sl_send_reply("483","Too Many Hops");
170
+		exit;
171
+	}
172
+
173
+	if(!sanity_check("1511", "7"))
174
+	{
175
+		xlog("Malformed SIP message from $si:$sp\n");
176
+		exit;
177
+	}
178
+}
179
+
180
+route[WITHINDLG] {
181
+	if (has_totag()) {
182
+		if (!loose_route()) {
183
+			switch($rc) {
184
+			case -2:
185
+				sl_send_reply("403", "Forbidden");
186
+				exit;
187
+			default:
188
+				if (is_method("ACK")) {
189
+					if ( t_check_trans() ) {
190
+						route(RELAY);
191
+						exit;
192
+					} else {
193
+						exit;
194
+					}
195
+				}
196
+				sl_send_reply("404","Not Found");
197
+			}
198
+		} else {
199
+			if (is_method("NOTIFY")) {
200
+				record_route();
201
+			}
202
+			route(RELAY);
203
+		}
204
+		exit;
205
+	}
206
+}
207
+
208
+onreply_route {
209
+	if (!t_check_trans()) {
210
+		drop;
211
+	}
212
+
213
+	if ($rm == "REGISTER" && $rs >= 200 && $rs <= 299) {
214
+		remove_hf("Flow-Timer");
215
+		if ($(hdr(Require)[*])=~"outbound")
216
+			insert_hf("Flow-Timer: FLOW_TIMER\r\n", "Call-ID");
217
+	}
218
+}
219
+
220
+failure_route[FAIL_OUTBOUND] {
221
+	if (t_branch_timeout() || !t_branch_replied()) {
222
+		send_reply("430", "Flow Failed");
223
+	}
224
+}
225
+]]></programlisting>
226
+	</example>
227
+	<example>
228
+	<title>Registrar Configuration</title>
229
+	<programlisting><![CDATA[
230
+MAILIO
231
+#
232
+# Registrar configuration
233
+#
234
+
235
+
236
+####### Global Parameters #########
237
+
238
+debug=2
239
+log_stderror=no
240
+log_facility=LOG_LOCAL0
241
+fork=yes
242
+children=4
243
+alias="example.com"
244
+mpath="/usr/lib64/kamailio/modules"
245
+
246
+
247
+####### Modules Section ########
248
+
249
+loadmodule "tm.so"
250
+loadmodule "tmx.so"
251
+loadmodule "sl.so"
252
+loadmodule "rr.so"
253
+loadmodule "pv.so"
254
+loadmodule "maxfwd.so"
255
+loadmodule "xlog.so"
256
+loadmodule "sanity.so"
257
+loadmodule "ctl.so"
258
+loadmodule "mi_rpc.so"
259
+loadmodule "mi_fifo.so"
260
+loadmodule "textops.so"
261
+loadmodule "siputils.so"
262
+loadmodule "usrloc.so"
263
+loadmodule "registrar.so"
264
+
265
+# ----------------- setting module-specific parameters ---------------
266
+
267
+# ----- mi_fifo params -----
268
+modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
269
+
270
+
271
+# ----- tm params -----
272
+modparam("tm", "failure_reply_mode", 3)
273
+modparam("tm", "restart_fr_on_each_reply", 0)
274
+modparam("tm", "contact_flows_avp", "tm_contact_flows")
275
+modparam("tm", "contacts_avp", "tm_contacts")
276
+
277
+# ----- rr params -----
278
+modparam("rr", "append_fromtag", 0)
279
+
280
+# ----- registrar params -----
281
+modparam("registrar", "use_path", 1)
282
+modparam("registrar", "gruu_enabled", 1)
283
+modparam("registrar", "outbound_mode", 1)
284
+
285
+
286
+####### Routing Logic ########
287
+
288
+request_route {
289
+	route(REQINIT);
290
+
291
+	if (is_method("CANCEL")) {
292
+		if (t_check_trans()) {
293
+			route(RELAY);
294
+		}
295
+		exit;
296
+	}
297
+
298
+	route(WITHINDLG);
299
+
300
+	t_check_trans();
301
+
302
+	remove_hf("Route");
303
+	if (is_method("INVITE|SUBSCRIBE"))
304
+		record_route();
305
+
306
+	route(REGISTRAR);
307
+
308
+	if ($rU==$null) {
309
+		xlog("L_INFO", "Address Incomplete\n");
310
+		send_reply("484","Address Incomplete");
311
+		exit;
312
+	}
313
+
314
+	route(LOCATION);
315
+}
316
+
317
+
318
+route[RELAY] {
319
+	if (!t_relay()) {
320
+		xlog("L_ERR", "t_relay() failed\n");
321
+		sl_reply_error();
322
+	}
323
+	exit;
324
+}
325
+
326
+route[REQINIT] {
327
+	if (!mf_process_maxfwd_header("10")) {
328
+		xlog("L_INFO", "Too Many Hops\n");
329
+		send_reply("483","Too Many Hops");
330
+		exit;
331
+	}
332
+
333
+	if(!sanity_check("1511", "7"))
334
+	{
335
+		xlog("Malformed SIP message from $si:$sp\n");
336
+		exit;
337
+	}
338
+}
339
+
340
+route[WITHINDLG] {
341
+	if (has_totag()) {
342
+		if (loose_route()) {
343
+			if (is_method("NOTIFY")) {
344
+				record_route();
345
+			}
346
+			route(RELAY);
347
+		} else {
348
+			if (is_method("ACK")) {
349
+				if (t_check_trans()) {
350
+					route(RELAY);
351
+					exit;
352
+				} else {
353
+					exit;
354
+				}
355
+			}
356
+			xlog("L_INFO", "Not Found");
357
+			send_reply("404","Not Found");
358
+		}
359
+		exit;
360
+	}
361
+}
362
+
363
+route[REGISTRAR] {
364
+	if (is_method("REGISTER"))
365
+	{
366
+		if (!save("location")) {
367
+			xlog("L_ERR", "Unable to save location\n");
368
+			sl_reply_error();
369
+		}
370
+		exit;
371
+	}
372
+}
373
+
374
+route[LOCATION] {
375
+	if (!lookup("location")) {
376
+		$var(rc) = $rc;
377
+		t_newtran();
378
+		switch ($var(rc)) {
379
+			case -1:
380
+			case -3:
381
+				send_reply("404", "Not Found");
382
+				exit;
383
+			case -2:
384
+				send_reply("405", "Method Not Allowed");
385
+				exit;
386
+		}
387
+	}
388
+
389
+	if (!t_load_contacts() || !t_next_contacts()) {
390
+		xlog("L_ERR", "t_(load|next)_contacts() failed\n");
391
+		sl_reply_error();
392
+		exit;
393
+	}
394
+
395
+	t_on_failure("FAIL_TRANSACTION");
396
+	t_on_branch_failure("FAIL-BRANCH");
397
+	route(RELAY);
398
+	exit;
399
+}
400
+
401
+onreply_route {
402
+	if (!t_check_trans()) {
403
+		drop;
404
+	}
405
+}
406
+
407
+failure_route[FAIL_TRANSACTION] {
408
+	if (!t_check_status("6[0-9][0-9]")) {
409
+		if (t_next_contacts()) {
410
+			t_relay();
411
+			exit;
412
+		}
413
+	}
414
+
415
+	if (t_check_status("430")) {
416
+		t_reply("480", "Temporarily Unavailable");
417
+		exit;
418
+	}
419
+}
420
+
421
+event_route[tm:branch-failure:FAIL-BRANCH] {
422
+	if (t_check_status("403|430")
423
+			|| (t_branch_timeout() && !t_branch_replied())) {
424
+		unregister("location", "$tu", "$T_reply_ruid");
425
+
426
+		if (t_next_contact_flow()) {
427
+			t_on_branch_failure("FAIL-BRANCH");
428
+			t_relay();
429
+		}
430
+	}
431
+}
432
+]]></programlisting>
433
+	</example>
434
+	</section>
435
+
436
+	<section>
437
+	<title>Dependencies</title>
438
+	<section>
439
+		<title>&kamailio; Modules</title>
440
+		<para>
441
+		The following modules must be loaded before this module:
442
+		<itemizedlist>
443
+		<listitem>
444
+		<para><emphasis>None</emphasis></para>
445
+		</listitem>
446
+		</itemizedlist>
447
+		</para>
448
+		<para>
449
+		The following modules are required to make proper use of this
450
+		module:
451
+		<itemizedlist>
452
+		<listitem>
453
+		<para><emphasis>stun</emphasis>.</para>
454
+		</listitem>
455
+		</itemizedlist>
456
+		</para>
457
+	</section>
458
+
459
+	<section>
460
+		<title>External Libraries or Applications</title>
461
+		<para>
462
+		The following libraries must be installed before running
463
+		&kamailio; with this module loaded:
464
+		<itemizedlist>
465
+		<listitem>
466
+		<para><emphasis>&openssl;</emphasis>.</para>
467
+		</listitem>
468
+		</itemizedlist>
469
+		</para>
470
+	</section>
471
+	</section>
472
+
473
+
474
+	<section>
475
+	<title>Parameters</title>
476
+	<section>
477
+		<title><varname>force_outbound_flag</varname> (integer)</title>
478
+		<para>A flag which, if set for a request, will force
479
+		<emphasis>path</emphasis> and <emphasis>rr</emphasis> to add
480
+		flow tokens to Path: and Record-Route: headers regardless of
481
+		the request contents.</para>
482
+		<para><emphasis>Default value is -1.</emphasis></para>
483
+		<example>
484
+		<title>Set <varname>force_outbound_flag</varname> parameter
485
+		</title>
486
+		<programlisting format="linespecific">
487
+...
488
+modparam("outbound", "force_outbound_flag", 1)
489
+...
490
+</programlisting>
491
+		</example>
492
+	</section>
493
+
494
+	<section>
495
+		<title><varname>force_no_outbound_flag</varname> (integer)</title>
496
+		<para>A flag which, if set for a request, will force
497
+		<emphasis>path</emphasis> and <emphasis>rr</emphasis> not
498
+		to add flow tokens to Path: and Record-Route: headers
499
+		regardless of the request contents.</para>
500
+		<para><emphasis>Default value is -1.</emphasis></para>
501
+		<example>
502
+		<title>Set <varname>force_no_outbound_flag</varname> parameter
503
+		</title>
504
+		<programlisting format="linespecific">
505
+...
506
+modparam("outbound", "force_no_outbound_flag", 2)
507
+...
508
+</programlisting>
509
+		</example>
510
+	</section>
511
+
512
+	</section>
513
+
514
+	<section>
515
+	<title>Functions</title>
516
+	<para><emphasis>None</emphasis></para>
517
+	</section>
518
+
519
+	<section>
520
+	<title>MI Commands</title>
521
+	<para><emphasis>None</emphasis></para>
522
+	</section>
523
+
524
+</chapter>
525
+
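Review bot: Line 230, the first line of the Registrar Configuration listing, reads `MAILIO` where the Edge Proxy listing opens with `#!KAMAILIO` (line 53), so the registrar example starts with a bare token instead of the config marker; restore `#!KAMAILIO` there. Two smaller points in the same file: both examples place the mi_fifo control FIFO at "/tmp/kamailio_fifo" (lines 96 and 268), a shared directory, which is a poor location to show readers who will copy the example; and line 25 has "though" for "through", while the xlog call at line 356 lacks the trailing "\n" that the other xlog calls carry.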