
update mailing list URL

Victor Seva authored on 23/08/2018 14:59:11
Showing 1 changed files
... ...
@@ -16,7 +16,7 @@
16 16
 #
17 17
 # If you look for documentation, try http://sip-router.org/wiki/.
18 18
 # The right mailing lists for questions about this file is
19
-# <sr-users@lists.sip-router.org>.
19
+# <sr-users@lists.kamailio.org>.
20 20
 
21 21
 # To get this config running you need to execute the following commands
22 22
 # with the new serctl (the capital word are just place holders)

sip-router*.cfg: enable warning by default

sip_warning is enabled by default (very useful for debugging, I wouldn't
run a proxy without it). This is needed because the default value
changed in 3.1 (from on to off).

Andrei Pelinescu-Onciul authored on 22/09/2010 10:41:45
Showing 1 changed files
... ...
@@ -76,6 +76,7 @@ rev_dns=no      # (cmd. line: -R)
76 76
 #mhomed=yes  # usefull for multihomed hosts, small performance penalty
77 77
 #disable_tcp=yes 
78 78
 #tcp_accept_aliases=yes # accepts the tcp alias via option (see NEWS)
79
+sip_warning=yes
79 80
 #!ifdef WITH_TLS
80 81
 enable_tls=yes
81 82
 #!endif
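Review bot: `sip_warning=yes` is added with no comment, although with it on the proxy puts a Warning header with troubleshooting details into the replies it generates, which also shows remote parties details of the proxy's addressing and internal routing. That suits a debugging-oriented sample, but this file is often copied as a deployment starting point, so the line should say what it costs: `sip_warning=yes  # adds debugging details to locally generated replies; set to no on public-facing proxies`. An alternative is to wrap it in `#!ifdef WITH_DEBUG`, assuming that define (named in another commit description on this page, not visible in this hunk) exists in the file at this revision.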

sip-router*.cfg: defines, links, test run support

- added links to docs, ser_ctl, serweb and sr-users mailing list
address

- feature defines compatible with kamailio.cfg: WITH_DEBUG,
WITH_TLS, WITH_XMLRPC (can be enabled by uncommenting the
corresponding #!define or by starting ser with -A WITH_XXXX)

- XMLRPC_TLS_ONLY define: when enabled XMLRPC will be allowed only
on TLS and only from clients with valid certificates.

- XMLRPC_ALLOW_NET1, XMLRPC_ALLOW_NET2, XMLRPC_ALLOW_NET3 defines:
when enabled they must contain a valid network address (e.g.
10.0.0.0/8). xmlrpc requests will be accepted only from
localhost (always) and from clients with source addresses
matching one of the XMLRPC_ALLOW_NET[1-3] defines.
E.g.: ser -A WITH_XMLRPC -A XMLRPC_ALLOW_NET1=10.0.0.0/8 ....

- LOCAL_TEST_RUN define: when enabled ser will assume it is
not installed and that it is started from the source/compile
directory (as opposed to an installed version). All the modules
will be searched in modules*/modulename/modulename.so and all the
other files referenced in the config will be relative to the
working directory (and not the ser config file directory).

- multicast replication listen address set to udp only (avoids
warnings on startup)

- load sl after tm (the new merged sl prints a warning if tm is
not loaded first)

- use ser instead of sip-router for the DB names/uris and ctl
sockets

- use a XMLRPC specific route

- XMLRPC bug workaround for xmlrpclib (which waits for an EOF
before interpreting the response).

Andrei Pelinescu-Onciul authored on 07/09/2010 16:20:40
Showing 1 changed files
... ...
@@ -1,7 +1,9 @@
1 1
 #
2 2
 # $Id$
3 3
 #
4
-
4
+# Example configuration file (simpler then ser-oob.cfg, but more
5
+# complex then ser-basic.cfg).
6
+#
5 7
 # First start SER sample config script with:
6 8
 #   database, accounting, authentication, multi-domain support
7 9
 #   PSTN GW section, named flags, named routes, global-,
... ...
@@ -11,17 +13,45 @@
11 13
 #
12 14
 # If you look for a simpler version with a lot less dependencies
13 15
 # please refer to the ser-basic.cfg file in your SER distribution.
16
+#
17
+# If you look for documentation, try http://sip-router.org/wiki/.
18
+# The right mailing lists for questions about this file is
19
+# <sr-users@lists.sip-router.org>.
14 20
 
15 21
 # To get this config running you need to execute the following commands
16 22
 # with the new serctl (the capital word are just place holders)
17 23
 # - ser_ctl domain add DOMAINNAME
18 24
 # - ser_ctl user add USERNAME@DOMAINNAME -p PASSWORD
25
+# ser_ctl can be obtained from
26
+# http://ftp.iptel.org/pub/serctl/daily-snapshots/.
27
+#
19 28
 # If you want to have PID header for your user
20 29
 # - ser_attr add uid=UID asserted_id="PID"
21 30
 # If you want to have gateway support
22 31
 # - ser_db add attr_types name=gw_ip rich_type=string raw_type=2 description="The gateway IP for the default ser.cfg" default_flags=33
23 32
 # - ser_attr add global gw_ip=GATEWAY-IP
24 33
 
34
+
35
+# ----------- Global Defines / Extra Features -------------------------------
36
+# (can be enabled either by uncommenting the corresponding #!define 
37
+#  statement or by starting with -A WITH_<FEATURE_NAME>, e.g.
38
+#  ser -A WITH_TLS -f /etc/ser/ser-oob.cfg )
39
+
40
+# enable TLS
41
+##!define WITH_TLS
42
+
43
+# started from compile directory (not installed)
44
+##!define LOCAL_TEST_RUN
45
+
46
+# xmlrpc allowed subnets (if defined XMLRPC requests with source ip matching
47
+# this network addresses will be allowed, if no XMLRPC_ALLOWED_SUBNETx is
48
+# defined only requests coming from localhost will be allowed).
49
+# E.g.: ser -A XMLRPC_ALLOW_NET1=192.168.1.0/24 -f ser-oob.cfg
50
+##!define XMLRPC_ALLOW_NET1  192.168.0.0/16
51
+##!define XMLRPC_ALLOW_NET2  10.0.0.0/255.0.0.0
52
+##!define XMLRPC_ALLOW_NET3  172.16.0.0/12
53
+
54
+
25 55
 # ----------- global configuration parameters ------------------------
26 56
 
27 57
 debug=2         # debug level (cmd line: -dddddddddd)
... ...
@@ -46,20 +76,25 @@ rev_dns=no      # (cmd. line: -R)
46 76
 #mhomed=yes  # usefull for multihomed hosts, small performance penalty
47 77
 #disable_tcp=yes 
48 78
 #tcp_accept_aliases=yes # accepts the tcp alias via option (see NEWS)
79
+#!ifdef WITH_TLS
49 80
 enable_tls=yes
81
+#!endif
50 82
 
51 83
 #
52 84
 
53 85
 # ------------------ module loading ----------------------------------
54 86
 
55
-#loadpath "modules:modules_s"
87
+#!ifdef LOCAL_TEST_RUN
88
+loadpath "modules:modules_s"
89
+#!else
56 90
 loadpath "/usr/lib/ser/modules:/usr/lib/ser/modules_s"
91
+#!endif
57 92
 
58 93
 # load a SQL database for authentication, domains, user AVPs etc.
59 94
 loadmodule "db_mysql"
60 95
 
61
-loadmodule "sl"
62 96
 loadmodule "tm"
97
+loadmodule "sl"
63 98
 loadmodule "rr"
64 99
 loadmodule "maxfwd"
65 100
 loadmodule "usrloc"
... ...
@@ -77,7 +112,9 @@ loadmodule "avp"
77 112
 loadmodule "avp_db"
78 113
 loadmodule "acc_db"
79 114
 loadmodule "xmlrpc"
80
-#loadmodule "tls"
115
+#!ifdef WITH_TLS
116
+loadmodule "tls"
117
+#!endif
81 118
 
82 119
 # ----------------- setting script FLAGS -----------------------------
83 120
 flags
... ...
@@ -128,7 +165,7 @@ modparam("ctl", "binrpc", "unixs:/tmp/ser_ctl")
128 165
 # listen on the "standard" fifo for backward compatibility
129 166
 modparam("ctl", "fifo", "fifo:/tmp/ser_fifo")
130 167
 # listen on tcp, localhost
131
-#modparam("ctl", "binrpc", "tcp:localhost:2046")
168
+modparam("ctl", "binrpc", "tcp:127.0.0.1:2046")
132 169
 
133 170
 # -- acc_db params --
134 171
 # failed transactions (=negative responses) should be logged to
... ...
@@ -142,6 +179,22 @@ modparam("acc_db", "log_flag", "FLAG_ACC")
142 179
 # restarts the resend timer (see INBOUND route below)
143 180
 #modparam("tm", "restart_fr_on_each_reply", "0")
144 181
 
182
+#!ifdef WITH_TLS
183
+# -- tls params --
184
+modparam("tls", "verify_certificate", 0)
185
+#!ifdef  LOCAL_TEST_RUN
186
+modparam("tls", "certificate", "./modules/tls/sip-router-selfsigned.pem")
187
+modparam("tls", "private_key", "./modules/tls/sip-router-selfsigned.key")
188
+#separate TLS config file
189
+#modparam("tls", "config", "./modules/tls/tls.cfg")
190
+#!else
191
+modparam("tls", "certificate", "ser-selfsigned.pem")
192
+modparam("tls", "private_key", "ser-selfsigned.key")
193
+#separate TLS config file
194
+#modparam("tls", "config", "tls.cfg")
195
+#!endif
196
+
197
+
145 198
 # -- xmlrpc params --
146 199
 # using a sub-route from the module is a lot safer then relying on the
147 200
 # request method to distinguish HTTP from SIP
... ...
@@ -244,13 +297,28 @@ route[RPC]
244 297
 {
245 298
 	# allow XMLRPC from localhost
246 299
 	if ((method=="POST" || method=="GET") &&
247
-		src_ip==127.0.0.1) {
300
+		(src_ip==127.0.0.1
301
+	#!ifdef XMLRPC_ALLOW_NET1
302
+		|| src_ip == XMLRPC_ALLOW_NET1
303
+	#!endif
304
+	#!ifdef XMLRPC_ALLOW_NET2
305
+		|| src_ip == XMLRPC_ALLOW_NET2
306
+	#!endif
307
+	#!ifdef XMLRPC_ALLOW_NET3
308
+		|| src_ip == XMLRPC_ALLOW_NET3
309
+	#!endif
310
+		)) {
248 311
 
249 312
 		if (msg:len >= 8192) {
250 313
 			sl_reply("513", "Request to big");
251 314
 			drop;
252 315
 		}
253 316
 
317
+		# close connection only for xmlrpclib user agents (there is a bug in
318
+		# xmlrpclib: it waits for EOF before interpreting the response).
319
+		if (search("^User-Agent:.*xmlrpclib"))
320
+			set_reply_close();
321
+		set_reply_no_connect(); # optional
254 322
 		# lets see if a module wants to answer this
255 323
 		dispatch_rpc();
256 324
 		drop;
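Review bot: In the ctl hunk (`@@ -128,7 +165,7`) the previously commented-out TCP control listener becomes active as `modparam("ctl", "binrpc", "tcp:127.0.0.1:2046")`, and the commit description does not call this out. Unlike the unix socket and fifo configured just above it, a loopback TCP listener cannot be restricted by file permissions, and as far as I know binrpc over TCP has no authentication of its own, so every local account and process on the host could issue RPCs to the proxy. I would leave it disabled in the sample and document the trade-off, e.g. `#modparam("ctl", "binrpc", "tcp:127.0.0.1:2046")  # reachable by every local user; enable only if needed`. Separately, the comment in the defines hunk refers to `XMLRPC_ALLOWED_SUBNETx` while the defines and the RPC route use `XMLRPC_ALLOW_NET1`..`3`; the comment should use the real name so operators do not set a define that is silently ignored.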

sr: small spelling fix in default sr cfg

Henning Westerholt authored on 15/01/2010 17:31:36
Showing 1 changed files
... ...
@@ -364,7 +364,7 @@ route[REGISTRAR]
364 364
 		#	drop;
365 365
 		#}
366 366
 
367
-		# everyhting is fine so lets store the binding
367
+		# everything is fine so lets store the binding
368 368
 		if (!save_contacts("location")) {
369 369
 			sl_reply("400", "Invalid REGISTER Request");
370 370
 			drop;

* Core, etc, documentation: renamed ser to sip-router

* Renamed ser to sip-router in Makefile, etc files and some core files.
* Renamed some etc files from ser based name to sip-router based name.

Juha Heinanen authored on 24/06/2009 12:44:10
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,549 @@
1
+#
2
+# $Id$
3
+#
4
+
5
+# First start SER sample config script with:
6
+#   database, accounting, authentication, multi-domain support
7
+#   PSTN GW section, named flags, named routes, global-,
8
+#   domain- and user-preferences with AVPs
9
+# Several of these features are only here for demonstration purpose
10
+# what can be achieved with the SER config script language.
11
+#
12
+# If you look for a simpler version with a lot less dependencies
13
+# please refer to the ser-basic.cfg file in your SER distribution.
14
+
15
+# To get this config running you need to execute the following commands
16
+# with the new serctl (the capital word are just place holders)
17
+# - ser_ctl domain add DOMAINNAME
18
+# - ser_ctl user add USERNAME@DOMAINNAME -p PASSWORD
19
+# If you want to have PID header for your user
20
+# - ser_attr add uid=UID asserted_id="PID"
21
+# If you want to have gateway support
22
+# - ser_db add attr_types name=gw_ip rich_type=string raw_type=2 description="The gateway IP for the default ser.cfg" default_flags=33
23
+# - ser_attr add global gw_ip=GATEWAY-IP
24
+
25
+# ----------- global configuration parameters ------------------------
26
+
27
+debug=2         # debug level (cmd line: -dddddddddd)
28
+#memdbg=10 # memory debug log level
29
+#memlog=10 # memory statistics log level
30
+#log_facility=LOG_LOCAL0 # sets the facility used for logging (see syslog(3))
31
+
32
+/* Uncomment these lines to enter debugging mode 
33
+fork=no
34
+log_stderror=yes
35
+*/
36
+
37
+check_via=no    # (cmd. line: -v)
38
+dns=no          # (cmd. line: -r)
39
+rev_dns=no      # (cmd. line: -R)
40
+#port=5060
41
+#children=4
42
+#user=ser
43
+#group=ser
44
+#disable_core=yes #disables core dumping
45
+#open_fd_limit=1024 # sets the open file descriptors limit
46
+#mhomed=yes  # usefull for multihomed hosts, small performance penalty
47
+#disable_tcp=yes 
48
+#tcp_accept_aliases=yes # accepts the tcp alias via option (see NEWS)
49
+enable_tls=yes
50
+
51
+#
52
+
53
+# ------------------ module loading ----------------------------------
54
+
55
+#loadpath "modules:modules_s"
56
+loadpath "/usr/lib/ser/modules:/usr/lib/ser/modules_s"
57
+
58
+# load a SQL database for authentication, domains, user AVPs etc.
59
+loadmodule "db_mysql"
60
+
61
+loadmodule "sl"
62
+loadmodule "tm"
63
+loadmodule "rr"
64
+loadmodule "maxfwd"
65
+loadmodule "usrloc"
66
+loadmodule "registrar"
67
+loadmodule "xlog"
68
+loadmodule "textops"
69
+loadmodule "ctl"
70
+loadmodule "cfg_rpc"
71
+loadmodule "auth"
72
+loadmodule "auth_db"
73
+loadmodule "gflags"
74
+loadmodule "domain"
75
+loadmodule "uri_db"
76
+loadmodule "avp"
77
+loadmodule "avp_db"
78
+loadmodule "acc_db"
79
+loadmodule "xmlrpc"
80
+#loadmodule "tls"
81
+
82
+# ----------------- setting script FLAGS -----------------------------
83
+flags
84
+  FLAG_ACC          : 1,  # include message in accounting
85
+  FLAG_FAILUREROUTE : 2;  # we are operating from a failure route
86
+
87
+avpflags
88
+  dialog_cookie;        # handled by rr module
89
+
90
+# ----------------- setting module-specific parameters ---------------
91
+
92
+# specify the path to you database here
93
+modparam("acc_db|auth_db|avp_db|domain|gflags|usrloc|uri_db", "db_url", "mysql://ser:heslo@127.0.0.1/ser")
94
+
95
+# -- usrloc params --
96
+
97
+# as we use the database anyway we will use it for usrloc as well
98
+modparam("usrloc", "db_mode", 1)
99
+
100
+# -- auth params --
101
+modparam("auth_db", "calculate_ha1", yes)
102
+modparam("auth_db", "plain_password_column", "password")
103
+
104
+# -- rr params --
105
+# add value to ;lr param to make some broken UAs happy
106
+modparam("rr", "enable_full_lr", 1)
107
+#
108
+# limit the length of the AVP cookie to only necessary ones
109
+modparam("rr", "cookie_filter", "(account)")
110
+#
111
+# you probably do not want that someone can simply read and change
112
+# the AVP cookie in your Routes, thus should really change this
113
+# secret value below
114
+modparam("rr", "cookie_secret", "MyRRAVPcookiesecret")
115
+
116
+# -- gflags params --
117
+# load the global AVPs
118
+modparam("gflags", "load_global_attrs", 1)
119
+
120
+# -- domain params --
121
+# load the domain AVPs
122
+modparam("domain", "load_domain_attrs", 1)
123
+
124
+# -- ctl params --
125
+# by default ctl listens on unixs:/tmp/ser_ctl if no other address is
126
+# specified in modparams; this is also the default for sercmd
127
+modparam("ctl", "binrpc", "unixs:/tmp/ser_ctl")
128
+# listen on the "standard" fifo for backward compatibility
129
+modparam("ctl", "fifo", "fifo:/tmp/ser_fifo")
130
+# listen on tcp, localhost
131
+#modparam("ctl", "binrpc", "tcp:localhost:2046")
132
+
133
+# -- acc_db params --
134
+# failed transactions (=negative responses) should be logged to
135
+modparam("acc_db", "failed_transactions", 1)
136
+
137
+# comment the next line if you dont want to have accounting to DB
138
+modparam("acc_db", "log_flag", "FLAG_ACC")
139
+
140
+# -- tm params --
141
+# uncomment the following line if you want to avoid that each new reply
142
+# restarts the resend timer (see INBOUND route below)
143
+#modparam("tm", "restart_fr_on_each_reply", "0")
144
+
145
+# -- xmlrpc params --
146
+# using a sub-route from the module is a lot safer then relying on the
147
+# request method to distinguish HTTP from SIP
148
+modparam("xmlrpc", "route", "RPC");
149
+
150
+# -------------------------  request routing logic -------------------
151
+
152
+# main routing logic
153
+
154
+route{
155
+	# if you have a PSTN gateway just un-comment the follwoing line and 
156
+	# specify the IP address of it to route calls to it
157
+	#$gw_ip = "1.2.3.4"
158
+
159
+	# first do some initial sanity checks
160
+	route(INIT);
161
+
162
+	# bypass the rest of the script for CANCELs if possible
163
+	route(CATCH_CANCEL);
164
+
165
+	# check if the request is routed via Route header or
166
+	# needs a Record-Route header
167
+	route(RR);
168
+
169
+	# check if the request belongs to our proxy
170
+	route(DOMAIN);
171
+
172
+	# handle REGISTER requests
173
+	route(REGISTRAR);
174
+
175
+	# from here on we want to know you is calling
176
+	route(AUTHENTICATION);
177
+
178
+	# check if we should be outbound proxy for a local user
179
+	route(OUTBOUND);
180
+
181
+	# check if the request is for a local user
182
+	route(INBOUND);
183
+
184
+	# here you could for example try to do an ENUM lookup before
185
+	# the call gets routed to the PSTN
186
+	#route(ENUM);
187
+
188
+	# lets see if someone wants to call a PSTN number
189
+	route(PSTN);
190
+
191
+	# nothing matched, reject it finally
192
+	sl_reply("404", "No route matched");
193
+}
194
+
195
+route[FORWARD]
196
+{
197
+	# here you could decide wether this call needs a RTP relay or not
198
+
199
+	# if this is called from the failure route we need to open a new branch
200
+	if (isflagset(FLAG_FAILUREROUTE)) {
201
+		append_branch();
202
+	}
203
+
204
+	# if this is an initial INVITE (without a To-tag) we might try another
205
+	# (forwarding or voicemail) target after receiving an error
206
+	if (method=="INVITE" && strempty(@to.tag)) {
207
+		t_on_failure("FAILURE_ROUTE");
208
+	}
209
+
210
+	# send it out now; use stateful forwarding as it works reliably
211
+	# even for UDP2TCP
212
+	if (!t_relay()) {
213
+		sl_reply_error();
214
+	}
215
+	drop;
216
+}
217
+
218
+route[INIT]
219
+{
220
+	# initial sanity checks -- messages with
221
+	# max_forwards==0, or excessively long requests
222
+	if (!mf_process_maxfwd_header("10")) {
223
+		sl_reply("483","Too Many Hops");
224
+		drop;
225
+	}
226
+
227
+	if (msg:len >=  4096 ) {
228
+		sl_reply("513", "Message too big");
229
+		drop;
230
+	}
231
+
232
+	# you could add some NAT detection here for example
233
+
234
+	# or you cuold call here some of the check from the sanity module
235
+
236
+	# lets account all initial INVITEs
237
+	# further in-dialog requests are accounted by a RR cookie (see below)
238
+	if (method=="INVITE" && strempty(@to.tag)) {
239
+		setflag(FLAG_ACC);
240
+	}
241
+}
242
+
243
+route[RPC]
244
+{
245
+	# allow XMLRPC from localhost
246
+	if ((method=="POST" || method=="GET") &&
247
+		src_ip==127.0.0.1) {
248
+
249
+		if (msg:len >= 8192) {
250
+			sl_reply("513", "Request to big");
251
+			drop;
252
+		}
253
+
254
+		# lets see if a module wants to answer this
255
+		dispatch_rpc();
256
+		drop;
257
+	}
258
+}
259
+
260
+route[RR]
261
+{
262
+	# subsequent messages withing a dialog should take the
263
+	# path determined by record-routing
264
+	if (loose_route()) {
265
+		# mark routing logic in request
266
+		append_hf("P-hint: rr-enforced\r\n"); 
267
+
268
+		# if the Route contained the accounting AVP cookie we
269
+		# set the accounting flag for the acc_db module.
270
+		# this is more for demonstration purpose as this could
271
+		# also be solved without RR cookies.
272
+		# Note: this means all in-dialog request will show up in the
273
+		# accounting tables, so prepare your accounting software for this ;-)
274
+		if ($account == "yes") {
275
+			setflag(FLAG_ACC);
276
+		}
277
+
278
+		# for broken devices which overwrite their Route's with each
279
+		# (not present) RR from within dialog requests it is better
280
+		# to repeat the RRing
281
+		# and if we call rr after loose_route the AVP cookies are restored
282
+		# automatically :)
283
+		record_route();
284
+
285
+		route(FORWARD);
286
+	} else if (!method=="REGISTER") {
287
+		# we record-route all messages -- to make sure that
288
+		# subsequent messages will go through our proxy; that's
289
+		# particularly good if upstream and downstream entities
290
+		# use different transport protocol
291
+
292
+		# if the inital INVITE got the ACC flag store this in
293
+		# an RR AVP cookie. this is more for demonstration purpose
294
+		if (isflagset(FLAG_ACC)) {
295
+			$account = "yes";
296
+			setavpflag($account, "dialog_cookie");
297
+		}
298
+
299
+		record_route();
300
+	}
301
+}
302
+
303
+route[DOMAIN]
304
+{
305
+	# check if the caller is from a local domain
306
+	lookup_domain("$fd", "@from.uri.host");
307
+
308
+	# check if the callee is at a local domain
309
+	lookup_domain("$td", "@ruri.host");
310
+
311
+	# we dont know the domain of the caller and also not
312
+	# the domain of the callee -> somone uses our proxy as
313
+	# a relay
314
+	if (strempty($t.did) && strempty($f.did)) {
315
+		sl_reply("403", "Relaying Forbidden");
316
+		drop;
317
+	}
318
+}
319
+
320
+route[REGISTRAR]
321
+{
322
+	# if the request is a REGISTER lets take care of it
323
+	if (method=="REGISTER") {
324
+		# check if the REGISTER if for one of our local domains
325
+		if (strempty($t.did)) {
326
+			sl_reply("403", "Register forwarding forbidden");
327
+			drop;
328
+		}
329
+
330
+		# we want only authenticated users to be registered
331
+		if (!www_authenticate("$fd.digest_realm", "credentials")) {
332
+			if ($? == -2) {
333
+				sl_reply("500", "Internal Server Error");
334
+			} else if ($? == -3) {
335
+				sl_reply("400", "Bad Request");
336
+			} else {
337
+				if ($digest_challenge != "") {
338
+					append_to_reply("%$digest_challenge");
339
+				}
340
+				sl_reply("401", "Unauthorized");
341
+			}
342
+			drop;
343
+		}
344
+
345
+		# check if the authenticated user is the same as the target user
346
+		if (!lookup_user("$tu.uid", "@to.uri")) {
347
+			sl_reply("404", "Unknown user in To");
348
+			drop;
349
+		}
350
+
351
+		if ($f.uid != $t.uid) {
352
+			sl_reply("403", "Authentication and To-Header mismatch");
353
+			drop;
354
+		}
355
+
356
+		# check if the authenticated user is the same as the request originator
357
+		# you may uncomment it if you care, what uri is in From header
358
+		#if (!lookup_user("$fu.uid", "@from.uri")) {
359
+		#	sl_reply("404", "Unknown user in From");
360
+		#	drop;
361
+		#}
362
+		#if ($fu.uid != $tu.uid) {
363
+		#	sl_reply("403", "Authentication and From-Header mismatch");
364
+		#	drop;
365
+		#}
366
+
367
+		# everyhting is fine so lets store the binding
368
+		if (!save_contacts("location")) {
369
+			sl_reply("400", "Invalid REGISTER Request");
370
+			drop;
371
+		}
372
+		drop;
373
+	}
374
+}
375
+
376
+route[AUTHENTICATION]
377
+{
378
+	if (method=="CANCEL" || method=="ACK") {
379
+		# you are not allowed to challenge these methods
380
+		break;
381
+	}
382
+
383
+	# requests from non-local to local domains should be permitted
384
+	# remove this if you want a walled garden
385
+	if (strempty($f.did)) {
386
+		break;
387
+	}
388
+
389
+	# as gateways are usually not able to authenticate for their
390
+	# requests you will have trust them base on some other information
391
+	# like the source IP address. WARNING: if at all this is only safe
392
+	# in a local network!!!
393
+	#if (src_ip==a.b.c.d) {
394
+	#	break;
395
+	#}
396
+
397
+	if (!proxy_authenticate("$fd.digest_realm", "credentials")) {
398
+		if ($? == -2) {
399
+			sl_reply("500", "Internal Server Error");
400
+		} else if ($? == -3) {
401
+			sl_reply("400", "Bad Request");
402
+		} else {
403
+			if ($digest_challenge != "") {
404
+				append_to_reply("%$digest_challenge");
405
+			}
406
+			sl_reply("407", "Proxy Authentication Required");
407
+		}
408
+		drop;
409
+	}
410
+
411
+	# check if the UID from the authentication meets the From header
412
+	$authuid = $uid;
413
+	if (!lookup_user("$fu.uid", "@from.uri")) {
414
+		del_attr("$uid");
415
+	}
416
+	if ($fu.uid != $fr.authuid) {
417
+		sl_reply("403", "Fake Identity");
418
+		drop;
419
+	}
420
+	# load the user AVPs (preferences) of the caller, e.g. for RPID header
421
+	load_attrs("$fu", "$f.uid");
422
+}
423
+
424
+route[OUTBOUND]
425
+{
426
+	# if a local user calls to a foreign domain we play outbound proxy for him
427
+	# comment this out if you want a walled garden
428
+	if ($f.did != ""  && $t.did == "") {
429
+		append_hf("P-hint: outbound\r\n");
430
+		route(FORWARD);
431
+	}
432
+}
433
+
434
+route[INBOUND]
435
+{
436
+	# lets see if know the callee
437
+	if (lookup_user("$tu.uid", "@ruri")) {
438
+
439
+		# load the preferences of the callee to have his timeout values loaded
440
+		load_attrs("$tu", "$t.uid");
441
+
442
+		# if you want to know if the callee username was an alias
443
+		# check it like this
444
+		#if (strempty($tu.uri_canonical)) {
445
+			# if the alias URI has different AVPs/preferences
446
+			# you can load them into the URI track like this
447
+			#load_attrs("$tr", "@ruri");
448
+		#}
449
+
450
+		# check for call forwarding of the callee
451
+		# Note: the forwarding target has to be full routable URI
452
+		#       in this example
453
+		if ($tu.fwd_always_target != "") {
454
+			attr2uri("$tu.fwd_always_target");
455
+			route(FORWARD);
456
+		}
457
+
458
+		# native SIP destinations are handled using our USRLOC DB
459
+		if (lookup_contacts("location")) {
460
+			append_hf("P-hint: usrloc applied\r\n");
461
+
462
+			# we set the TM module timers according to the prefences
463
+			# of the callee (avoid too long ringing of his phones)
464
+			# Note1: timer values have to be in ms now!
465
+			# Note2: this makes even more sense if you switch to a voicemail
466
+			#        from the FAILURE_ROUTE below
467
+			if ($t.fr_inv_timer != 0) {
468
+				if ($t.fr_timer != 0) {
469
+					t_set_fr("$t.fr_inv_timer", "$t.fr_timer");
470
+				} else {
471
+					t_set_fr("$t.fr_inv_timer");
472
+				}
473
+			}
474
+
475
+			route(FORWARD);
476
+		} else {
477
+			sl_reply("480", "User temporarily not available");
478
+			drop;
479
+		}
480
+	}
481
+}
482
+
483
+route[PSTN]
484
+{
485
+	# Only if the AVP 'gw_ip' is set and the request URI contains
486
+	# only a number we consider sending this to the PSTN GW.
487
+	# Only users from a local domain are permitted to make calls.
488
+	# Additionally you might want to check the acl AVP to verify
489
+	# that the user is allowed to make such expensives calls.
490
+	if ($f.did != "" && $gw_ip != "" &&
491
+		uri=~"sips?:\+?[0-9]{3,18}@.*") {
492
+		# probably you need to convert the number in the request
493
+		# URI according to the requirements of your gateway here
494
+
495
+		# if an AVP 'asserted_id' is set we insert an RPID header
496
+		if ($asserted_id != "") {
497
+			xlset_attr("$rpidheader", "<sip:%$asserted_id@%@ruri.host>;screen=yes");
498
+			replace_attr_hf("Remote-Party-ID", "$rpidheader");
499
+		}
500
+
501
+		# just replace the domain part of the RURI with the
502
+		# value from the AVP and send it out
503
+		attr2uri("$gw_ip", "domain");
504
+		route(FORWARD);
505
+	}
506
+}
507
+
508
+route[CATCH_CANCEL] {
509
+	# check whether there is a corresponding INVITE to the CANCEL,
510
+	# and bypass the rest of the script if possible
511
+
512
+	if (method == CANCEL) {
513
+		if (!t_relay_cancel()) { # implicit drop if the INVITE was found
514
+
515
+			# INVITE was found but some error occurred
516
+			sl_reply("500", "Internal Server Error");
517
+			drop;
518
+		}
519
+		# bad luck, no corresponding INVITE was found,
520
+		# we have to continue with the script
521
+	}
522
+}
523
+
524
+failure_route[FAILURE_ROUTE]
525
+{
526
+	# mark for the other routes that we are operating from here on from a
527
+	# failure route
528
+	setflag(FLAG_FAILUREROUTE);
529
+
530
+	if (t_check_status("486|600")) {
531
+		# if we received a busy and a busy target is set, forward it there
532
+		# Note: again the forwarding target has to be a routeable URI
533
+		if ($tu.fwd_busy_target != "") {
534
+			attr2uri("$tu.fwd_busy_target");
535
+			route(FORWARD);
536
+		}
537
+		# alternatively you could forward the request to SEMS/voicemail here
538
+	}
539
+	else if (t_check_status("408|480")) {
540
+		# if we received no answer and the noanswer target is set,
541
+		# forward it there
542
+		# Note: again the target has to be a routeable URI
543
+		if ($tu.fwd_noanswer_target != "") {
544
+			attr2uri("$tu.fwd_noanswer_target");
545
+			route(FORWARD);
546
+		}
547
+		# alternatively you could forward the request to SEMS/voicemail here
548
+	}
549
+}
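Review bot: The `db_url` modparam at the top of the module-parameter section ships a working credential (`mysql://ser:heslo@127.0.0.1/ser`) and its only guidance is "specify the path to you database here", so a deployment copied from this sample keeps a publicly known database password. The `rr` `cookie_secret` a few lines further down has the same shape but at least carries a comment telling the operator to change it. I would give `db_url` the same treatment, e.g. `# change the user/password below: these are the public sample defaults`, or use an obvious placeholder such as `mysql://ser:CHANGE_ME@127.0.0.1/ser`. The cost of leaving it is higher here because `calculate_ha1` together with `plain_password_column` suggests the same database holds subscriber passwords in plaintext.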