Browse code

update mailing list URL

Victor Seva authored on 23/08/2018 14:59:11
Showing 1 changed files
... ...
@@ -4,7 +4,7 @@
4 4
 #     - web: http://www.kamailio.org
5 5
 #     - git: http://sip-router.org
6 6
 #
7
-# Direct your questions about this file to: <sr-users@lists.sip-router.org>
7
+# Direct your questions about this file to: <sr-users@lists.kamailio.org>
8 8
 #
9 9
 # Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
10 10
 # for an explanation of possible statements, functions and parameters.
Browse code

core, lib, modules: restructured source code tree

- new folder src/ to hold the source code for main project applications
- main.c is in src/
- all core files are subfolder are in src/core/
- modules are in src/modules/
- libs are in src/lib/
- application Makefiles are in src/
- application binary is built in src/ (src/kamailio)

Daniel-Constantin Mierla authored on 07/12/2016 11:03:51
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,847 @@
1
+#!KAMAILIO
2
+#
3
+# Kamailio (OpenSER) SIP Server v3.1 - default configuration script
4
+#     - web: http://www.kamailio.org
5
+#     - git: http://sip-router.org
6
+#
7
+# Direct your questions about this file to: <sr-users@lists.sip-router.org>
8
+#
9
+# Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
10
+# for an explanation of possible statements, functions and parameters.
11
+#
12
+# Several features can be enabled using '#!define WITH_FEATURE' directives:
13
+#
14
+# *** To run in debug mode: 
15
+#     - define WITH_DEBUG
16
+#
17
+# *** To enable mysql: 
18
+#     - define WITH_MYSQL
19
+#
20
+# *** To enable authentication execute:
21
+#     - enable mysql
22
+#     - define WITH_AUTH
23
+#     - add users using 'kamctl'
24
+#
25
+# *** To enable IP authentication execute:
26
+#     - enable mysql
27
+#     - enable authentication
28
+#     - define WITH_IPAUTH
29
+#     - add IP addresses with group id '1' to 'address' table
30
+#
31
+# *** To enable persistent user location execute:
32
+#     - enable mysql
33
+#     - define WITH_USRLOCDB
34
+#
35
+# *** To enable presence server execute:
36
+#     - enable mysql
37
+#     - define WITH_PRESENCE
38
+#
39
+# *** To enable nat traversal execute:
40
+#     - define WITH_NAT
41
+#     - install RTPProxy: http://www.rtpproxy.org
42
+#     - start RTPProxy:
43
+#        rtpproxy -l _your_public_ip_ -s udp:localhost:7722
44
+#
45
+# *** To enable PSTN gateway routing execute:
46
+#     - define WITH_PSTN
47
+#     - set the value of pstn.gw_ip
48
+#     - check route[PSTN] for regexp routing condition
49
+#
50
+# *** To enable database aliases lookup execute:
51
+#     - enable mysql
52
+#     - define WITH_ALIASDB
53
+#
54
+# *** To enable multi-domain support execute:
55
+#     - enable mysql
56
+#     - define WITH_MULTIDOMAIN
57
+#
58
+# *** To enable TLS support execute:
59
+#     - adjust CFGDIR/tls.cfg as needed
60
+#     - define WITH_TLS
61
+#
62
+# *** To enable XMLRPC support execute:
63
+#     - define WITH_XMLRPC
64
+#     - adjust route[XMLRPC] for access policy
65
+#
66
+# *** To enable anti-flood detection execute:
67
+#     - adjust pike and htable=>ipban settings as needed (default is
68
+#       block if more than 16 requests in 2 seconds and ban for 300 seconds)
69
+#     - define WITH_ANTIFLOOD
70
+#
71
+# *** To enhance accounting execute:
72
+#     - enable mysql
73
+#     - define WITH_ACCDB
74
+#     - add following columns to database
75
+#!ifdef ACCDB_COMMENT
76
+  ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
77
+  ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
78
+  ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
79
+  ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
80
+  ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
81
+  ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
82
+  ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
83
+  ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
84
+  ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
85
+  ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
86
+#!endif
87
+
88
+####### Defined Values #########
89
+# *** Value defines - IDs used later in config
90
+#!ifdef WITH_MYSQL
91
+# - database URL - used to connect to database server by modules such
92
+#       as: auth_db, acc, usrloc, a.s.o.
93
+
94
+
95
+#!endif
96
+#!ifdef WITH_MULTIDOMAIN
97
+# - the value for 'use_domain' parameters
98
+#!define MULTIDOMAIN 1
99
+#!else
100
+#!define MULTIDOMAIN 0
101
+#!endif
102
+
103
+# - flags
104
+#   FLT_ - per transaction (message) flags
105
+#	FLB_ - per branch flags
106
+#!define FLT_ACC 1
107
+#!define FLT_ACCMISSED 2
108
+#!define FLT_ACCFAILED 3
109
+#!define FLT_NATS 5
110
+
111
+#!define FLB_NATB 6
112
+#!define FLB_NATSIPPING 7
113
+
114
+# my defines
115
+#!define WITH_DEBUG
116
+#!define LOCAL_TEST_RUN
117
+#!define WITH_AUTH
118
+#!define DBURL "cassandra://:@127.0.0.1:9160/kamailio"
119
+
120
+####### Global Parameters #########
121
+
122
+#!ifdef WITH_DEBUG
123
+debug=5
124
+log_stderror=yes
125
+#!else
126
+debug=2
127
+log_stderror=no
128
+#!endif
129
+
130
+memdbg=7
131
+memlog=7
132
+
133
+log_facility=LOG_LOCAL0
134
+
135
+fork=yes
136
+children=4
137
+
138
+/* uncomment the next line to disable TCP (default on) */
139
+#disable_tcp=yes
140
+
141
+/* uncomment the next line to disable the auto discovery of local aliases
142
+   based on reverse DNS on IPs (default on) */
143
+#auto_aliases=no
144
+
145
+/* add local domain aliases */
146
+#alias="sip.mydomain.com"
147
+
148
+/* uncomment and configure the following line if you want Kamailio to 
149
+   bind on a specific interface/port/proto (default bind on all available) */
150
+
151
+listen=udp:10.10.10.10:5060
152
+/* port to listen to
153
+ * - can be specified more than once if needed to listen on many ports */
154
+#port=5060
155
+
156
+#!ifdef WITH_TLS
157
+enable_tls=yes
158
+#!endif
159
+
160
+####### Custom Parameters #########
161
+
162
+# These parameters can be modified runtime via RPC interface
163
+# - see the documentation of 'cfg_rpc' module.
164
+#
165
+# Format: group.id = value 'desc' description
166
+# Access: $sel(cfg_get.group.id) or @cfg_get.group.id
167
+#
168
+
169
+#!ifdef WITH_PSTN
170
+# PSTN GW Routing
171
+#
172
+# - pstn.gw_ip: valid IP or hostname as string value, example:
173
+# pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
174
+#
175
+# - by default is empty to avoid misrouting
176
+pstn.gw_ip = "" desc "PSTN GW Address"
177
+#!endif
178
+
179
+
180
+####### Modules Section ########
181
+
182
+# set paths to location of modules
183
+#!ifdef LOCAL_TEST_RUN
184
+mpath="modules_k:modules"
185
+#!else
186
+mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/"
187
+#!endif
188
+
189
+#!ifdef WITH_MYSQL
190
+loadmodule "db_mysql.so"
191
+#!endif
192
+
193
+#my modules
194
+loadmodule "db_cassandra.so"
195
+
196
+loadmodule "mi_fifo.so"
197
+loadmodule "kex.so"
198
+loadmodule "tm.so"
199
+loadmodule "tmx.so"
200
+loadmodule "sl.so"
201
+loadmodule "rr.so"
202
+loadmodule "pv.so"
203
+loadmodule "maxfwd.so"
204
+loadmodule "usrloc.so"
205
+loadmodule "registrar.so"
206
+loadmodule "textops.so"
207
+loadmodule "siputils.so"
208
+loadmodule "xlog.so"
209
+loadmodule "sanity.so"
210
+loadmodule "ctl.so"
211
+loadmodule "mi_rpc.so"
212
+loadmodule "acc.so"
213
+
214
+#!ifdef WITH_AUTH
215
+loadmodule "auth.so"
216
+loadmodule "auth_db.so"
217
+#!ifdef WITH_IPAUTH
218
+loadmodule "permissions.so"
219
+#!endif
220
+#!endif
221
+
222
+#!ifdef WITH_ALIASDB
223
+loadmodule "alias_db.so"
224
+#!endif
225
+
226
+#!ifdef WITH_MULTIDOMAIN
227
+loadmodule "domain.so"
228
+#!endif
229
+
230
+#!ifdef WITH_PRESENCE
231
+loadmodule "presence.so"
232
+loadmodule "presence_xml.so"
233
+#!endif
234
+
235
+#!ifdef WITH_NAT
236
+loadmodule "nathelper.so"
237
+loadmodule "rtpproxy.so"
238
+#!endif
239
+
240
+#!ifdef WITH_TLS
241
+loadmodule "tls.so"
242
+#!endif
243
+
244
+#!ifdef WITH_ANTIFLOOD
245
+loadmodule "htable.so"
246
+loadmodule "pike.so"
247
+#!endif
248
+
249
+#!ifdef WITH_XMLRPC
250
+loadmodule "xmlrpc.so"
251
+#!endif
252
+
253
+
254
+# ----------------- setting module-specific parameters ---------------
255
+
256
+
257
+# ----- mi_fifo params -----
258
+modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
259
+
260
+
261
+# ----- tm params -----
262
+# auto-discard branches from previous serial forking leg
263
+modparam("tm", "failure_reply_mode", 3)
264
+# default retransmission timeout: 30sec
265
+modparam("tm", "fr_timer", 30000)
266
+# default invite retransmission timeout after 1xx: 120sec
267
+modparam("tm", "fr_inv_timer", 120000)
268
+
269
+
270
+# ----- rr params -----
271
+# add value to ;lr param to cope with most of the UAs
272
+modparam("rr", "enable_full_lr", 1)
273
+# do not append from tag to the RR (no need for this script)
274
+modparam("rr", "append_fromtag", 0)
275
+
276
+
277
+# ----- registrar params -----
278
+modparam("registrar", "method_filtering", 1)
279
+/* uncomment the next line to disable parallel forking via location */
280
+# modparam("registrar", "append_branches", 0)
281
+/* uncomment the next line not to allow more than 10 contacts per AOR */
282
+#modparam("registrar", "max_contacts", 10)
283
+modparam("registrar", "max_expires", 120)
284
+
285
+
286
+# ----- acc params -----
287
+/* what special events should be accounted ? */
288
+modparam("acc", "early_media", 0)
289
+modparam("acc", "report_ack", 0)
290
+modparam("acc", "report_cancels", 0)
291
+/* by default ww do not adjust the direct of the sequential requests.
292
+   if you enable this parameter, be sure the enable "append_fromtag"
293
+   in "rr" module */
294
+modparam("acc", "detect_direction", 0)
295
+/* account triggers (flags) */
296
+modparam("acc", "log_flag", FLT_ACC)
297
+modparam("acc", "log_missed_flag", FLT_ACCMISSED)
298
+modparam("acc", "log_extra", 
299
+	"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
300
+modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
301
+/* enhanced DB accounting */
302
+#!ifdef WITH_ACCDB
303
+modparam("acc", "db_flag", FLT_ACC)
304
+modparam("acc", "db_missed_flag", FLT_ACCMISSED)
305
+modparam("acc", "db_url", DBURL)
306
+modparam("acc", "db_extra",
307
+	"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
308
+#!endif
309
+
310
+
311
+# ----- usrloc params -----
312
+/* enable DB persistency for location entries */
313
+modparam("usrloc", "db_url", DBURL)
314
+modparam("usrloc", "db_mode", 3)
315
+modparam("usrloc", "db_update_as_insert", 1)
316
+modparam("usrloc", "timer_interval", 0)
317
+#modparam("usrloc", "use_domain", MULTIDOMAIN)
318
+
319
+
320
+# ----- auth_db params -----
321
+#!ifdef WITH_AUTH
322
+modparam("auth_db", "db_url", DBURL)
323
+modparam("auth_db", "calculate_ha1", yes)
324
+modparam("auth_db", "password_column", "password")
325
+modparam("auth_db", "load_credentials", "")
326
+#modparam("auth_db", "use_domain", MULTIDOMAIN)
327
+
328
+# ----- permissions params -----
329
+#!ifdef WITH_IPAUTH
330
+modparam("permissions", "db_url", DBURL)
331
+modparam("permissions", "db_mode", 1)
332
+#!endif
333
+
334
+#!endif
335
+
336
+
337
+# ----- alias_db params -----
338
+#!ifdef WITH_ALIASDB
339
+modparam("alias_db", "db_url", DBURL)
340
+modparam("alias_db", "use_domain", MULTIDOMAIN)
341
+#!endif
342
+
343
+
344
+# ----- domain params -----
345
+#!ifdef WITH_MULTIDOMAIN
346
+modparam("domain", "db_url", DBURL)
347
+# use caching
348
+modparam("domain", "db_mode", 1)
349
+# register callback to match myself condition with domains list
350
+modparam("domain", "register_myself", 1)
351
+#!endif
352
+
353
+
354
+#!ifdef WITH_PRESENCE
355
+# ----- presence params -----
356
+modparam("presence", "db_url", DBURL)
357
+
358
+# ----- presence_xml params -----
359
+modparam("presence_xml", "db_url", DBURL)
360
+modparam("presence_xml", "force_active", 1)
361
+#!endif
362
+
363
+
364
+#!ifdef WITH_NAT
365
+# ----- rtpproxy params -----
366
+modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
367
+
368
+# ----- nathelper params -----
369
+modparam("nathelper", "natping_interval", 30)
370
+modparam("nathelper", "ping_nated_only", 1)
371
+modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
372
+modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org")
373
+
374
+# params needed for NAT traversal in other modules
375
+modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
376
+modparam("usrloc", "nat_bflag", FLB_NATB)
377
+#!endif
378
+
379
+
380
+#!ifdef WITH_TLS
381
+# ----- tls params -----
382
+modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
383
+#!endif
384
+
385
+#!ifdef WITH_ANTIFLOOD
386
+# ----- pike params -----
387
+modparam("pike", "sampling_time_unit", 2)
388
+modparam("pike", "reqs_density_per_unit", 16)
389
+modparam("pike", "remove_latency", 4)
390
+
391
+# ----- htable params -----
392
+# ip ban htable with autoexpire after 5 minutes
393
+modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
394
+#!endif
395
+
396
+#!ifdef WITH_XMLRPC
397
+# ----- xmlrpc params -----
398
+modparam("xmlrpc", "route", "XMLRPC");
399
+modparam("xmlrpc", "url_match", "^/RPC")
400
+#!endif
401
+
402
+# db_cassandra parameters
403
+modparam("db_cassandra", "schema_path", "/usr/local/sip-router/etc/kamctl/dbcassandra");
404
+
405
+# my parameters
406
+
407
+####### Routing Logic ########
408
+
409
+
410
+# Main SIP request routing logic
411
+# - processing of any incoming SIP request starts with this route
412
+route {
413
+
414
+	# per request initial checks
415
+	route(REQINIT);
416
+
417
+	# NAT detection
418
+	route(NAT);
419
+
420
+	# handle requests within SIP dialogs
421
+	route(WITHINDLG);
422
+
423
+	# CANCEL processing
424
+	if (is_method("CANCEL"))
425
+	{
426
+		if (t_check_trans())
427
+			t_relay();
428
+		exit;
429
+	}
430
+
431
+	t_check_trans();
432
+
433
+	# authentication
434
+	route(AUTH);
435
+
436
+	# record routing for dialog forming requests (in case they are routed)
437
+	# - remove preloaded route headers
438
+	remove_hf("Route");
439
+	if (is_method("INVITE|SUBSCRIBE"))
440
+		record_route();
441
+
442
+	# account only INVITEs
443
+	if (is_method("INVITE"))
444
+	{
445
+		setflag(FLT_ACC); # do accounting
446
+	}
447
+
448
+	# dispatch requests to foreign domains
449
+	route(SIPOUT);
450
+
451
+	### requests for my local domains
452
+
453
+	# handle presence related requests
454
+	route(PRESENCE);
455
+
456
+	# handle registrations
457
+	route(REGISTRAR);
458
+
459
+	if ($rU==$null)
460
+	{
461
+		# request with no Username in RURI
462
+		sl_send_reply("484","Address Incomplete");
463
+		exit;
464
+	}
465
+
466
+	# dispatch destinations to PSTN
467
+	route(PSTN);
468
+
469
+	# user location service
470
+	route(LOCATION);
471
+
472
+	route(RELAY);
473
+}
474
+
475
+
476
+route[RELAY] {
477
+#!ifdef WITH_NAT
478
+	if (check_route_param("nat=yes")) {
479
+		setbflag(FLB_NATB);
480
+	}
481
+	if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
482
+		route(RTPPROXY);
483
+	}
484
+#!endif
485
+
486
+	/* example how to enable some additional event routes */
487
+	if (is_method("INVITE")) {
488
+		#t_on_branch("BRANCH_ONE");
489
+		t_on_reply("REPLY_ONE");
490
+		t_on_failure("FAIL_ONE");
491
+	}
492
+
493
+	if (!t_relay()) {
494
+		sl_reply_error();
495
+	}
496
+	exit;
497
+}
498
+
499
+# Per SIP request initial checks
500
+route[REQINIT] {
501
+#!ifdef WITH_ANTIFLOOD
502
+	# flood dection from same IP and traffic ban for a while
503
+	# be sure you exclude checking trusted peers, such as pstn gateways
504
+	# - local host excluded (e.g., loop to self)
505
+	if(src_ip!=myself)
506
+	{
507
+		if($sht(ipban=>$si)!=$null)
508
+		{
509
+			# ip is already blocked
510
+			xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
511
+			exit;
512
+		}
513
+		if (!pike_check_req())
514
+		{
515
+			xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
516
+			$sht(ipban=>$si) = 1;
517
+			exit;
518
+		}
519
+	}
520
+#!endif
521
+
522
+	if (!mf_process_maxfwd_header("10")) {
523
+		sl_send_reply("483","Too Many Hops");
524
+		exit;
525
+	}
526
+
527
+	if(!sanity_check("1511", "7"))
528
+	{
529
+		xlog("Malformed SIP message from $si:$sp\n");
530
+		exit;
531
+	}
532
+}
533
+
534
+# Handle requests within SIP dialogs
535
+route[WITHINDLG] {
536
+	if (has_totag()) {
537
+		# sequential request withing a dialog should
538
+		# take the path determined by record-routing
539
+		if (loose_route()) {
540
+			if (is_method("BYE")) {
541
+				setflag(FLT_ACC); # do accounting ...
542
+				setflag(FLT_ACCFAILED); # ... even if the transaction fails
543
+			}
544
+			route(RELAY);
545
+		} else {
546
+			if (is_method("SUBSCRIBE") && uri == myself) {
547
+				# in-dialog subscribe requests
548
+				route(PRESENCE);
549
+				exit;
550
+			}
551
+			if ( is_method("ACK") ) {
552
+				if ( t_check_trans() ) {
553
+					# no loose-route, but stateful ACK;
554
+					# must be an ACK after a 487
555
+					# or e.g. 404 from upstream server
556
+					t_relay();
557
+					exit;
558
+				} else {
559
+					# ACK without matching transaction ... ignore and discard
560
+					exit;
561
+				}
562
+			}
563
+			sl_send_reply("404","Not here");
564
+		}
565
+		exit;
566
+	}
567
+}
568
+
569
+# Handle SIP registrations
570
+route[REGISTRAR] {
571
+	if (is_method("REGISTER"))
572
+	{
573
+		if(isflagset(FLT_NATS))
574
+		{
575
+			setbflag(FLB_NATB);
576
+			# uncomment next line to do SIP NAT pinging 
577
+			## setbflag(FLB_NATSIPPING);
578
+		}
579
+		if (!save("location"))
580
+			sl_reply_error();
581
+
582
+		exit;
583
+	}
584
+}
585
+
586
+# USER location service
587
+route[LOCATION] {
588
+
589
+#!ifdef WITH_ALIASDB
590
+	# search in DB-based aliases
591
+	alias_db_lookup("dbaliases");
592
+#!endif
593
+
594
+	if (!lookup("location")) {
595
+		switch ($rc) {
596
+			case -1:
597
+			case -3:
598
+				t_newtran();
599
+				t_reply("404", "Not Found");
600
+				exit;
601
+			case -2:
602
+				sl_send_reply("405", "Method Not Allowed");
603
+				exit;
604
+		}
605
+	}
606
+
607
+	# when routing via usrloc, log the missed calls also
608
+	if (is_method("INVITE"))
609
+	{
610
+		setflag(FLT_ACCMISSED);
611
+	}
612
+}
613
+
614
+# Presence server route
615
+route[PRESENCE] {
616
+	if(!is_method("PUBLISH|SUBSCRIBE"))
617
+		return;
618
+
619
+#!ifdef WITH_PRESENCE
620
+	if (!t_newtran())
621
+	{
622
+		sl_reply_error();
623
+		exit;
624
+	};
625
+
626
+	if(is_method("PUBLISH"))
627
+	{
628
+		handle_publish();
629
+		t_release();
630
+	}
631
+	else
632
+	if( is_method("SUBSCRIBE"))
633
+	{
634
+		handle_subscribe();
635
+		t_release();
636
+	}
637
+	exit;
638
+#!endif
639
+	
640
+	# if presence enabled, this part will not be executed
641
+	if (is_method("PUBLISH") || $rU==$null)
642
+	{
643
+		sl_send_reply("404", "Not here");
644
+		exit;
645
+	}
646
+	return;
647
+}
648
+
649
+# Authentication route
650
+route[AUTH] {
651
+#!ifdef WITH_AUTH
652
+	if (is_method("REGISTER"))
653
+	{
654
+		# authenticate the REGISTER requests (uncomment to enable auth)
655
+		if (!www_authorize("$td", "subscriber"))
656
+		{
657
+			www_challenge("$td", "0");
658
+			exit;
659
+		}
660
+
661
+		if ($au!=$tU)
662
+		{
663
+			sl_send_reply("403","Forbidden auth ID");
664
+			exit;
665
+		}
666
+	} else {
667
+
668
+#!ifdef WITH_IPAUTH
669
+		if(allow_source_address())
670
+		{
671
+			# source IP allowed
672
+			return;
673
+		}
674
+#!endif
675
+
676
+		# authenticate if from local subscriber
677
+		if (from_uri==myself)
678
+		{
679
+			if (!proxy_authorize("$fd", "subscriber")) {
680
+				proxy_challenge("$fd", "0");
681
+				exit;
682
+			}
683
+			if (is_method("PUBLISH"))
684
+			{
685
+				if ($au!=$tU) {
686
+					sl_send_reply("403","Forbidden auth ID");
687
+					exit;
688
+				}
689
+			} else {
690
+				if ($au!=$fU) {
691
+					sl_send_reply("403","Forbidden auth ID");
692
+					exit;
693
+				}
694
+			}
695
+
696
+			consume_credentials();
697
+			# caller authenticated
698
+		} else {
699
+			# caller is not local subscriber, then check if it calls
700
+			# a local destination, otherwise deny, not an open relay here
701
+			if (!uri==myself)
702
+			{
703
+				sl_send_reply("403","Not relaying");
704
+				exit;
705
+			}
706
+		}
707
+	}
708
+#!endif
709
+	return;
710
+}
711
+
712
+# Caller NAT detection route
713
+route[NAT] {
714
+#!ifdef WITH_NAT
715
+	force_rport();
716
+	if (nat_uac_test("19")) {
717
+		if (method=="REGISTER") {
718
+			fix_nated_register();
719
+		} else {
720
+			fix_nated_contact();
721
+		}
722
+		setflag(FLT_NATS);
723
+	}
724
+#!endif
725
+	return;
726
+}
727
+
728
+# RTPProxy control
729
+route[RTPPROXY] {
730
+#!ifdef WITH_NAT
731
+	if (is_method("BYE")) {
732
+		unforce_rtp_proxy();
733
+	} else if (is_method("INVITE")){
734
+		force_rtp_proxy();
735
+	}
736
+	if (!has_totag()) add_rr_param(";nat=yes");
737
+#!endif
738
+	return;
739
+}
740
+
741
+# Routing to foreign domains
742
+route[SIPOUT] {
743
+	if (!uri==myself)
744
+	{
745
+		append_hf("P-hint: outbound\r\n");
746
+		route(RELAY);
747
+	}
748
+}
749
+
750
+# PSTN GW routing
751
+route[PSTN] {
752
+#!ifdef WITH_PSTN
753
+	# check if PSTN GW IP is defined
754
+	if (strempty($sel(cfg_get.pstn.gw_ip))) {
755
+		xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not defined\n");
756
+		return;
757
+	}
758
+
759
+	# route to PSTN dialed numbers starting with '+' or '00'
760
+	#     (international format)
761
+	# - update the condition to match your dialing rules for PSTN routing
762
+	if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
763
+		return;
764
+
765
+	# only local users allowed to call
766
+	if(from_uri!=myself) {
767
+		sl_send_reply("403", "Not Allowed");
768
+		exit;
769
+	}
770
+
771
+	$ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
772
+
773
+	route(RELAY);
774
+	exit;
775
+#!endif
776
+
777
+	return;
778
+}
779
+
780
+# XMLRPC routing
781
+#!ifdef WITH_XMLRPC
782
+route[XMLRPC]
783
+{
784
+	# allow XMLRPC from localhost
785
+	if ((method=="POST" || method=="GET")
786
+			&& (src_ip==127.0.0.1)) {
787
+		# close connection only for xmlrpclib user agents (there is a bug in
788
+		# xmlrpclib: it waits for EOF before interpreting the response).
789
+		if ($hdr(User-Agent) =~ "xmlrpclib")
790
+			set_reply_close();
791
+		set_reply_no_connect();
792
+		dispatch_rpc();
793
+		exit;
794
+	}
795
+	send_reply("403", "Forbidden");
796
+	exit;
797
+}
798
+#!endif
799
+
800
+# Sample branch router
801
+branch_route[BRANCH_ONE] {
802
+	xdbg("new branch at $ru\n");
803
+}
804
+
805
+# Sample onreply route
806
+onreply_route[REPLY_ONE] {
807
+	xdbg("incoming reply\n");
808
+#!ifdef WITH_NAT
809
+	if ((isflagset(FLT_NATS) || isbflagset(FLB_NATB))
810
+			&& status=~"(183)|(2[0-9][0-9])") {
811
+		force_rtp_proxy();
812
+	}
813
+	if (isbflagset(FLB_NATB)) {
814
+		fix_nated_contact();
815
+	}
816
+#!endif
817
+}
818
+
819
+# Sample failure route
820
+failure_route[FAIL_ONE] {
821
+#!ifdef WITH_NAT
822
+	if (is_method("INVITE")
823
+			&& (isbflagset(FLB_NATB) || isflagset(FLT_NATS))) {
824
+		unforce_rtp_proxy();
825
+	}
826
+#!endif
827
+
828
+	if (t_is_canceled()) {
829
+		exit;
830
+	}
831
+
832
+	# uncomment the following lines if you want to block client 
833
+	# redirect based on 3xx replies.
834
+	##if (t_check_status("3[0-9][0-9]")) {
835
+	##t_reply("404","Not found");
836
+	##	exit;
837
+	##}
838
+
839
+	# uncomment the following lines if you want to redirect the failed 
840
+	# calls to a different new destination
841
+	##if (t_check_status("486|408")) {
842
+	##	sethostport("192.168.2.100:5060");
843
+	##	append_branch();
844
+	##	# do not set the missed call flag again
845
+	##	t_relay();
846
+	##}
847
+}