Browse code

etc/kamailio.cfg: comment for route[NATMANAGE] made generic

Daniel-Constantin Mierla authored on 30/08/2022 07:07:58
Showing 1 changed files
... ...
@@ -854,7 +854,7 @@ route[NATDETECT] {
854 854
 	return;
855 855
 }
856 856
 
857
-# RTPProxy control and signaling updates for NAT traversal
857
+# RTP relaying management and signaling updates for NAT traversal
858 858
 route[NATMANAGE] {
859 859
 #!ifdef WITH_NAT
860 860
 	if (is_request()) {
Browse code

etc/kamailio.cfg: corrected a typo ("endabled"), GH #3223

Henning Westerholt authored on 23/08/2022 07:29:23
Showing 1 changed files
... ...
@@ -24,7 +24,7 @@
24 24
 # *** To run in debug mode:
25 25
 #     - define WITH_DEBUG
26 26
 #     - debug level increased to 3, logs still sent to syslog
27
-#     - debugger module loaded with cfgtrace endabled
27
+#     - debugger module loaded with cfgtrace enabled
28 28
 #
29 29
 # *** To enable mysql:
30 30
 #     - define WITH_MYSQL
Browse code

etc/kamailio.cfg: use of htable guarded by own ifdef

- allows independent loading for extending (e.g., store items to fix
in-dialog routing)

Daniel-Constantin Mierla authored on 17/06/2022 07:15:27
Showing 1 changed files
... ...
@@ -93,6 +93,9 @@
93 93
 #       block if more than 16 requests in 2 seconds and ban for 300 seconds)
94 94
 #     - define WITH_ANTIFLOOD
95 95
 #
96
+# *** To load htable module execute:
97
+#     - define WITH_HTABLE
98
+#
96 99
 # *** To block 3XX redirect replies execute:
97 100
 #     - define WITH_BLOCK3XX
98 101
 #
... ...
@@ -148,6 +151,11 @@ import_file "kamailio-local.cfg"
148 151
 #!define MULTIDOMAIN 0
149 152
 #!endif
150 153
 
154
+#!ifdef WITH_ANTIFLOOD
155
+# - hash table 'ipban' used to store blocked IP addresses
156
+#!trydef WITH_HTABLE
157
+#!endif
158
+
151 159
 # - flags
152 160
 #   FLT_ - per transaction (message) flags
153 161
 #!define FLT_ACC 1
... ...
@@ -315,8 +323,11 @@ loadmodule "rtpproxy.so"
315 323
 loadmodule "tls.so"
316 324
 #!endif
317 325
 
318
-#!ifdef WITH_ANTIFLOOD
326
+#!ifdef WITH_HTABLE
319 327
 loadmodule "htable.so"
328
+#!endif
329
+
330
+#!ifdef WITH_ANTIFLOOD
320 331
 loadmodule "pike.so"
321 332
 #!endif
322 333
 
... ...
@@ -482,11 +493,15 @@ modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
482 493
 modparam("pike", "sampling_time_unit", 2)
483 494
 modparam("pike", "reqs_density_per_unit", 16)
484 495
 modparam("pike", "remove_latency", 4)
496
+#!endif
485 497
 
498
+#!ifdef WITH_HTABLE
486 499
 # ----- htable params -----
500
+#!ifdef WITH_ANTIFLOOD
487 501
 /* ip ban htable with autoexpire after 5 minutes */
488 502
 modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
489 503
 #!endif
504
+#!endif
490 505
 
491 506
 #!ifdef WITH_DEBUG
492 507
 # ----- debugger params -----
Browse code

etc/kamailio.cfg: add return to root blocks

- make it more explicit for returned code

Daniel-Constantin Mierla authored on 24/03/2022 10:10:32
Showing 1 changed files
... ...
@@ -567,6 +567,8 @@ request_route {
567 567
 
568 568
 	# user location service
569 569
 	route(LOCATION);
570
+
571
+	return;
570 572
 }
571 573
 
572 574
 # Wrapper for relaying requests
... ...
@@ -1002,6 +1004,7 @@ route[TOVOICEMAIL] {
1002 1004
 branch_route[MANAGE_BRANCH] {
1003 1005
 	xdbg("new branch [$T_branch_idx] to $ru\n");
1004 1006
 	route(NATMANAGE);
1007
+	return;
1005 1008
 }
1006 1009
 
1007 1010
 # Manage incoming replies
... ...
@@ -1010,6 +1013,7 @@ reply_route {
1010 1013
 		xlog("Malformed SIP response from $si:$sp\n");
1011 1014
 		drop;
1012 1015
 	}
1016
+	return;
1013 1017
 }
1014 1018
 
1015 1019
 # Manage incoming replies in transaction context
... ...
@@ -1018,6 +1022,7 @@ onreply_route[MANAGE_REPLY] {
1018 1022
 	if(status=~"[12][0-9][0-9]") {
1019 1023
 		route(NATMANAGE);
1020 1024
 	}
1025
+	return;
1021 1026
 }
1022 1027
 
1023 1028
 # Manage failure routing cases
... ...
@@ -1051,4 +1056,5 @@ failure_route[MANAGE_FAILURE] {
1051 1056
 		exit;
1052 1057
 	}
1053 1058
 #!endif
1059
+	return;
1054 1060
 }
Browse code

etc: kamailio.cfg - updated version in comments

Daniel-Constantin Mierla authored on 27/10/2021 11:24:59
Showing 1 changed files
... ...
@@ -1,6 +1,6 @@
1 1
 #!KAMAILIO
2 2
 #
3
-# Kamailio SIP Server v5.5 - default configuration script
3
+# Kamailio SIP Server v5.6 - default configuration script
4 4
 #     - web: https://www.kamailio.org
5 5
 #     - git: https://github.com/kamailio/kamailio
6 6
 #
Browse code

etc: kamailio.cfg - added pplsip to user-agent list to drop

Daniel-Constantin Mierla authored on 26/10/2021 06:23:59
Showing 1 changed files
... ...
@@ -615,7 +615,7 @@ route[REQINIT] {
615 615
 		}
616 616
 	}
617 617
 #!endif
618
-	if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent") {
618
+	if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent|pplsip") {
619 619
 		# silent drop for scanners - uncomment next line if want to reply
620 620
 		# sl_send_reply("200", "OK");
621 621
 		exit;
Browse code

etc/kamailio.cfg: removed old project name [skip ci]

Daniel-Constantin Mierla authored on 25/03/2021 10:09:29
Showing 1 changed files
... ...
@@ -1,6 +1,6 @@
1 1
 #!KAMAILIO
2 2
 #
3
-# Kamailio (OpenSER) SIP Server v5.5 - default configuration script
3
+# Kamailio SIP Server v5.5 - default configuration script
4 4
 #     - web: https://www.kamailio.org
5 5
 #     - git: https://github.com/kamailio/kamailio
6 6
 #
Browse code

kamailio.cfg: use SIP-source-address

* default behavior of rtpengine is trust-address
* use SIP-source-address for nat_uac_test("8")

Fred Posner authored on 03/03/2021 02:59:08
Showing 1 changed files
... ...
@@ -851,9 +851,9 @@ route[NATMANAGE] {
851 851
 
852 852
 #!ifdef WITH_RTPENGINE
853 853
 	if(nat_uac_test("8")) {
854
-		rtpengine_manage("replace-origin replace-session-connection");
854
+		rtpengine_manage("SIP-source-address replace-origin replace-session-connection");
855 855
 	} else {
856
-		rtpengine_manage("trust-address replace-origin replace-session-connection");
856
+		rtpengine_manage("replace-origin replace-session-connection");
857 857
 	}
858 858
 #!else
859 859
 	if(nat_uac_test("8")) {
Browse code

kamailio.cfg: updated version in comments

Daniel-Constantin Mierla authored on 12/02/2021 12:43:11
Showing 1 changed files
... ...
@@ -1,6 +1,6 @@
1 1
 #!KAMAILIO
2 2
 #
3
-# Kamailio (OpenSER) SIP Server v5.4 - default configuration script
3
+# Kamailio (OpenSER) SIP Server v5.5 - default configuration script
4 4
 #     - web: https://www.kamailio.org
5 5
 #     - git: https://github.com/kamailio/kamailio
6 6
 #
Browse code

etc/kamailio.cfg: split to filter on both friendly and scanner

- some scanning scripts use a different format for the user agent

Daniel-Constantin Mierla authored on 23/11/2020 09:10:55
Showing 1 changed files
... ...
@@ -615,7 +615,7 @@ route[REQINIT] {
615 615
 		}
616 616
 	}
617 617
 #!endif
618
-	if($ua =~ "friendly-scanner|sipcli|sipvicious|VaxSIPUserAgent") {
618
+	if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent") {
619 619
 		# silent drop for scanners - uncomment next line if want to reply
620 620
 		# sl_send_reply("200", "OK");
621 621
 		exit;
Browse code

etc: kamailio.cfg - relocated comment related to branch flags

Daniel-Constantin Mierla authored on 14/10/2020 09:13:01
Showing 1 changed files
... ...
@@ -150,12 +150,12 @@ import_file "kamailio-local.cfg"
150 150
 
151 151
 # - flags
152 152
 #   FLT_ - per transaction (message) flags
153
-#	FLB_ - per branch flags
154 153
 #!define FLT_ACC 1
155 154
 #!define FLT_ACCMISSED 2
156 155
 #!define FLT_ACCFAILED 3
157 156
 #!define FLT_NATS 5
158 157
 
158
+#	FLB_ - per branch flags
159 159
 #!define FLB_NATB 6
160 160
 #!define FLB_NATSIPPING 7
161 161
 
Browse code

etc/kamailio.cfg: set load_backends to 1 for permissions module

- the config uses only address table

Daniel-Constantin Mierla authored on 12/08/2020 19:41:56
Showing 1 changed files
... ...
@@ -420,7 +420,7 @@ modparam("auth_db", "use_domain", MULTIDOMAIN)
420 420
 # ----- permissions params -----
421 421
 #!ifdef WITH_IPAUTH
422 422
 modparam("permissions", "db_url", DBURL)
423
-modparam("permissions", "db_mode", 1)
423
+modparam("permissions", "load_backends", 1)
424 424
 #!endif
425 425
 
426 426
 #!endif
Browse code

etc: kamailio.cfg - use enable_sctp instead of disable_sctp

- be coherent with tls variant

Daniel-Constantin Mierla authored on 09/07/2020 13:25:39
Showing 1 changed files
... ...
@@ -215,7 +215,7 @@ tls_max_connections=2048
215 215
 #!endif
216 216
 
217 217
 /* set it to yes to enable sctp and load sctp.so module */
218
-disable_sctp=yes
218
+enable_sctp=no
219 219
 
220 220
 ####### Custom Parameters #########
221 221
 
Browse code

etc: kamailio.cfg - several updates

- use force_rport() at the beginning of processing requests, note added
in the top comments to inform that config performs symmetric signaling
- load textopsx module and added define option to apply changes before
presence handling, so changes to headers or body are visible to presence
functions
- modparams to enable use of Path for registrar module
- modparam timer_procs for usrloc module
- a bit of refactoring for debug mode, level being set by a defined
token and log_stderror is set always to no, so even with higher debug
level logs are sent to syslog (added comment how to enable it via
setting value to 'yes' or using -E cli option)
- updated notes for debug mode and listen param
- GH #2381

Daniel-Constantin Mierla authored on 09/07/2020 12:09:32
Showing 1 changed files
... ...
@@ -15,11 +15,16 @@
15 15
 #       #!subst, #!substdef, ...
16 16
 #     - lines starting with //
17 17
 #     - blocks enclosed in between /* */
18
+# Note: the config performs symmetric SIP signaling
19
+#     - it sends the reply to the source address of the request
20
+#     - remove the use of force_rport() for asymmetric SIP signaling
18 21
 #
19 22
 # Several features can be enabled using '#!define WITH_FEATURE' directives:
20 23
 #
21 24
 # *** To run in debug mode:
22 25
 #     - define WITH_DEBUG
26
+#     - debug level increased to 3, logs still sent to syslog
27
+#     - debugger module loaded with cfgtrace endabled
23 28
 #
24 29
 # *** To enable mysql:
25 30
 #     - define WITH_MYSQL
... ...
@@ -27,7 +32,7 @@
27 32
 # *** To enable authentication execute:
28 33
 #     - enable mysql
29 34
 #     - define WITH_AUTH
30
-#     - add users using 'kamctl'
35
+#     - add users using 'kamctl' or 'kamcli'
31 36
 #
32 37
 # *** To enable IP authentication execute:
33 38
 #     - enable mysql
... ...
@@ -42,6 +47,8 @@
42 47
 # *** To enable presence server execute:
43 48
 #     - enable mysql
44 49
 #     - define WITH_PRESENCE
50
+#     - if modified headers or body in config must be used by presence handling:
51
+#     - define WITH_MSGREBUILD
45 52
 #
46 53
 # *** To enable nat traversal execute:
47 54
 #     - define WITH_NAT
... ...
@@ -122,13 +129,18 @@ import_file "kamailio-local.cfg"
122 129
 ####### Defined Values #########
123 130
 
124 131
 # *** Value defines - IDs used later in config
132
+#!ifdef WITH_DEBUG
133
+#!define DBGLEVEL 3
134
+#!else
135
+#!define DBGLEVEL 2
136
+#!endif
137
+
125 138
 #!ifdef WITH_MYSQL
126 139
 # - database URL - used to connect to database server by modules such
127 140
 #       as: auth_db, acc, usrloc, a.s.o.
128
-#!ifndef DBURL
129
-#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
130
-#!endif
141
+#!trydef DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
131 142
 #!endif
143
+
132 144
 #!ifdef WITH_MULTIDOMAIN
133 145
 # - the value for 'use_domain' parameters
134 146
 #!define MULTIDOMAIN 1
... ...
@@ -149,14 +161,11 @@ import_file "kamailio-local.cfg"
149 161
 
150 162
 ####### Global Parameters #########
151 163
 
152
-### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR
153
-#!ifdef WITH_DEBUG
154
-debug=4
155
-log_stderror=yes
156
-#!else
157
-debug=2
164
+/* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */
165
+debug=DBGLEVEL
166
+
167
+/* set to 'yes' to print log messages to terminal or use '-E' cli option */
158 168
 log_stderror=no
159
-#!endif
160 169
 
161 170
 memdbg=5
162 171
 memlog=5
... ...
@@ -178,11 +187,13 @@ children=8
178 187
  * based on reverse DNS on IPs (default on) */
179 188
 # auto_aliases=no
180 189
 
181
-/* add local domain aliases */
190
+/* add local domain aliases - it can be set many times */
182 191
 # alias="sip.mydomain.com"
183 192
 
184
-/* uncomment and configure the following line if you want Kamailio to
185
- * bind on a specific interface/port/proto (default bind on all available) */
193
+/* listen sockets - if none set, Kamailio binds to all local IP addresses
194
+ * - basic prototype (full prototype can be found in Wiki - Core Cookbook):
195
+ *      listen=[proto]:[localip]:[lport] advertise [publicip]:[pport]
196
+ * - it can be set many times to add more sockets to listen to */
186 197
 # listen=udp:10.0.0.10:5060
187 198
 
188 199
 /* life time of TCP connection when there is no traffic
... ...
@@ -204,7 +215,7 @@ tls_max_connections=2048
204 215
 #!endif
205 216
 
206 217
 /* set it to yes to enable sctp and load sctp.so module */
207
-disable_sctp = yes
218
+disable_sctp=yes
208 219
 
209 220
 ####### Custom Parameters #########
210 221
 
... ...
@@ -257,6 +268,7 @@ loadmodule "maxfwd.so"
257 268
 loadmodule "usrloc.so"
258 269
 loadmodule "registrar.so"
259 270
 loadmodule "textops.so"
271
+loadmodule "textopsx.so"
260 272
 loadmodule "siputils.so"
261 273
 loadmodule "xlog.so"
262 274
 loadmodule "sanity.so"
... ...
@@ -356,6 +368,10 @@ modparam("registrar", "method_filtering", 1)
356 368
 modparam("registrar", "max_expires", 3600)
357 369
 /* set it to 1 to enable GRUU */
358 370
 modparam("registrar", "gruu_enabled", 0)
371
+/* set it to 0 to disable Path handling */
372
+modparam("registrar", "use_path", 1)
373
+/* save Path even if not listed in Supported header */
374
+modparam("registrar", "path_mode", 0)
359 375
 
360 376
 # ----- acc params -----
361 377
 /* what special events should be accounted ? */
... ...
@@ -384,11 +400,13 @@ modparam("acc", "db_extra",
384 400
 #!endif
385 401
 
386 402
 # ----- usrloc params -----
403
+modparam("usrloc", "timer_interval", 60)
404
+modparam("usrloc", "timer_procs", 1)
405
+modparam("usrloc", "use_domain", MULTIDOMAIN)
387 406
 /* enable DB persistency for location entries */
388 407
 #!ifdef WITH_USRLOCDB
389 408
 modparam("usrloc", "db_url", DBURL)
390 409
 modparam("usrloc", "db_mode", 2)
391
-modparam("usrloc", "use_domain", MULTIDOMAIN)
392 410
 #!endif
393 411
 
394 412
 # ----- auth_db params -----
... ...
@@ -576,6 +594,9 @@ route[RELAY] {
576 594
 route[REQINIT] {
577 595
 	# no connect for sending replies
578 596
 	set_reply_no_connect();
597
+	# enforce symmetric signaling
598
+	# - send back replies to the source address of request
599
+	force_rport();
579 600
 
580 601
 #!ifdef WITH_ANTIFLOOD
581 602
 	# flood detection from same IP and traffic ban for a while
... ...
@@ -732,6 +753,10 @@ route[PRESENCE] {
732 753
 	}
733 754
 
734 755
 #!ifdef WITH_PRESENCE
756
+#!ifdef WITH_MSGREBUILD
757
+	# apply changes in case the request headers or body were modified
758
+	msg_apply_changes();
759
+#!endif
735 760
 	if (!t_newtran()) {
736 761
 		sl_reply_error();
737 762
 		exit;
... ...
@@ -798,7 +823,6 @@ route[AUTH] {
798 823
 # Caller NAT detection
799 824
 route[NATDETECT] {
800 825
 #!ifdef WITH_NAT
801
-	force_rport();
802 826
 	if (nat_uac_test("19")) {
803 827
 		if (is_method("REGISTER")) {
804 828
 			fix_nated_register();
... ...
@@ -879,7 +903,7 @@ route[DLGURI] {
879 903
 route[SIPOUT] {
880 904
 	if (uri==myself) return;
881 905
 
882
-	append_hf("P-hint: outbound\r\n");
906
+	append_hf("P-Hint: outbound\r\n");
883 907
 	route(RELAY);
884 908
 	exit;
885 909
 }
Browse code

kamailio.cfg: set disable_sctp to yes

- in auto mode a log message is printed about not having sctp module
loaded, which is not done in the default config

Daniel-Constantin Mierla authored on 08/07/2020 12:28:04
Showing 1 changed files
... ...
@@ -192,6 +192,10 @@ tcp_connection_lifetime=3605
192 192
 /* upper limit for TCP connections (it includes the TLS connections) */
193 193
 tcp_max_connections=2048
194 194
 
195
+#!ifdef WITH_JSONRPC
196
+tcp_accept_no_cl=yes
197
+#!endif
198
+
195 199
 #!ifdef WITH_TLS
196 200
 enable_tls=yes
197 201
 
... ...
@@ -199,9 +203,8 @@ enable_tls=yes
199 203
 tls_max_connections=2048
200 204
 #!endif
201 205
 
202
-#!ifdef WITH_JSONRPC
203
-tcp_accept_no_cl=yes
204
-#!endif
206
+/* set it to yes to enable sctp and load sctp.so module */
207
+disable_sctp = yes
205 208
 
206 209
 ####### Custom Parameters #########
207 210
 
Browse code

etc/kamailio.cfg: fixed comments reference to event route for jsonrpc handling

Daniel-Constantin Mierla authored on 27/01/2020 19:14:50
Showing 1 changed files
... ...
@@ -79,7 +79,7 @@
79 79
 #
80 80
 # *** To enable JSONRPC over HTTP(S) support execute:
81 81
 #     - define WITH_JSONRPC
82
-#     - adjust route[JSONRPC] for access policy
82
+#     - adjust event_route[xhttp:request] for access policy
83 83
 #
84 84
 # *** To enable anti-flood detection execute:
85 85
 #     - adjust pike and htable=>ipban settings as needed (default is
Browse code

kamailio.cfg: replaced xmlrpc with jsonrpc in default config

Daniel-Constantin Mierla authored on 11/12/2019 11:27:52
Showing 1 changed files
... ...
@@ -77,9 +77,9 @@
77 77
 #     - adjust CFGDIR/tls.cfg as needed
78 78
 #     - define WITH_TLS
79 79
 #
80
-# *** To enable XMLRPC support execute:
81
-#     - define WITH_XMLRPC
82
-#     - adjust route[XMLRPC] for access policy
80
+# *** To enable JSONRPC over HTTP(S) support execute:
81
+#     - define WITH_JSONRPC
82
+#     - adjust route[JSONRPC] for access policy
83 83
 #
84 84
 # *** To enable anti-flood detection execute:
85 85
 #     - adjust pike and htable=>ipban settings as needed (default is
... ...
@@ -199,6 +199,10 @@ enable_tls=yes
199 199
 tls_max_connections=2048
200 200
 #!endif
201 201
 
202
+#!ifdef WITH_JSONRPC
203
+tcp_accept_no_cl=yes
204
+#!endif
205
+
202 206
 ####### Custom Parameters #########
203 207
 
204 208
 /* These parameters can be modified runtime via RPC interface
... ...
@@ -235,6 +239,9 @@ voicemail.srv_port = "5060" desc "VoiceMail Port"
235 239
 loadmodule "db_mysql.so"
236 240
 #!endif
237 241
 
242
+#!ifdef WITH_JSONRPC
243
+loadmodule "xhttp.so"
244
+#!endif
238 245
 loadmodule "jsonrpcs.so"
239 246
 loadmodule "kex.so"
240 247
 loadmodule "corex.so"
... ...
@@ -298,10 +305,6 @@ loadmodule "htable.so"
298 305
 loadmodule "pike.so"
299 306
 #!endif
300 307
 
301
-#!ifdef WITH_XMLRPC
302
-loadmodule "xmlrpc.so"
303
-#!endif
304
-
305 308
 #!ifdef WITH_DEBUG
306 309
 loadmodule "debugger.so"
307 310
 #!endif
... ...
@@ -315,6 +318,9 @@ modparam("jsonrpcs", "pretty_format", 1)
315 318
 # modparam("jsonrpcs", "fifo_name", "/run/kamailio/kamailio_rpc.fifo")
316 319
 /* set the path to RPC unix socket control file */
317 320
 # modparam("jsonrpcs", "dgram_socket", "/run/kamailio/kamailio_rpc.sock")
321
+#!ifdef WITH_JSONRPC
322
+modparam("jsonrpcs", "transport", 7)
323
+#!endif
318 324
 
319 325
 # ----- ctl params -----
320 326
 /* set the path to RPC unix socket control file */
... ...
@@ -461,12 +467,6 @@ modparam("pike", "remove_latency", 4)
461 467
 modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
462 468
 #!endif
463 469
 
464
-#!ifdef WITH_XMLRPC
465
-# ----- xmlrpc params -----
466
-modparam("xmlrpc", "route", "XMLRPC");
467
-modparam("xmlrpc", "url_match", "^/RPC")
468
-#!endif
469
-
470 470
 #!ifdef WITH_DEBUG
471 471
 # ----- debugger params -----
472 472
 modparam("debugger", "cfgtrace", 1)
... ...
@@ -922,22 +922,24 @@ route[PSTN] {
922 922
 	return;
923 923
 }
924 924
 
925
-# XMLRPC routing
926
-#!ifdef WITH_XMLRPC
927
-route[XMLRPC] {
928
-	# allow XMLRPC from localhost
929
-	if ((method=="POST" || method=="GET")
930
-			&& (src_ip==127.0.0.1)) {
931
-		# close connection only for xmlrpclib user agents (there is a bug in
932
-		# xmlrpclib: it waits for EOF before interpreting the response).
933
-		if ($hdr(User-Agent) =~ "xmlrpclib")
934
-			set_reply_close();
935
-		set_reply_no_connect();
936
-		dispatch_rpc();
925
+# JSONRPC over HTTP(S) routing
926
+#!ifdef WITH_JSONRPC
927
+event_route[xhttp:request] {
928
+	set_reply_close();
929
+	set_reply_no_connect();
930
+	if(src_ip!=127.0.0.1) {
931
+		xhttp_reply("403", "Forbidden", "text/html",
932
+				"<html><body>Not allowed from $si</body></html>");
937 933
 		exit;
938 934
 	}
939
-	send_reply("403", "Forbidden");
940
-	exit;
935
+	if ($hu =~ "^/RPC") {
936
+		jsonrpc_dispatch();
937
+		exit;
938
+	}
939
+
940
+	xhttp_reply("200", "OK", "text/html",
941
+				"<html><body>Wrong URL $hu</body></html>");
942
+    exit;
941 943
 }
942 944
 #!endif
943 945
 
Browse code

cfg: fix error in RTPENGINE part, also load module

Henning Westerholt authored on 11/11/2019 15:08:04
Showing 1 changed files
... ...
@@ -282,8 +282,12 @@ loadmodule "presence_xml.so"
282 282
 
283 283
 #!ifdef WITH_NAT
284 284
 loadmodule "nathelper.so"
285
+#!ifdef WITH_RTPENGINE
286
+loadmodule "rtpengine.so"
287
+#!else
285 288
 loadmodule "rtpproxy.so"
286 289
 #!endif
290
+#!endif
287 291
 
288 292
 #!ifdef WITH_TLS
289 293
 loadmodule "tls.so"
Browse code

etc/kamailio.cfg: fix typo

Bastian Triller authored on 31/10/2019 12:08:32 • Daniel-Constantin Mierla committed on 31/10/2019 13:03:44
Showing 1 changed files
... ...
@@ -429,7 +429,7 @@ modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2223")
429 429
 #!else
430 430
 # ----- rtpproxy params -----
431 431
 modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
432
-#!endit
432
+#!endif
433 433
 # ----- nathelper params -----
434 434
 modparam("nathelper", "natping_interval", 30)
435 435
 modparam("nathelper", "ping_nated_only", 1)
Browse code

kamailio.cfg: rebuilt the section for calling rtpengine_manage()

- fixes also missing ifdef check for WITH_RTPENGINE

Daniel-Constantin Mierla authored on 29/10/2019 09:26:12
Showing 1 changed files
... ...
@@ -818,18 +818,19 @@ route[NATMANAGE] {
818 818
 	}
819 819
 	if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;
820 820
 
821
-	if(nat_uac_test("8")) {
822 821
 #!ifdef WITH_RTPENGINE
822
+	if(nat_uac_test("8")) {
823 823
 		rtpengine_manage("replace-origin replace-session-connection");
824
-#!else
825
-		rtpproxy_manage("co");
826
-#!endif
827 824
 	} else {
828 825
 		rtpengine_manage("trust-address replace-origin replace-session-connection");
826
+	}
829 827
 #!else
828
+	if(nat_uac_test("8")) {
829
+		rtpproxy_manage("co");
830
+	} else {
830 831
 		rtpproxy_manage("cor");
831
-#!endif
832 832
 	}
833
+#!endif
833 834
 
834 835
 	if (is_request()) {
835 836
 		if (!has_totag()) {
Browse code

kamailio.cfg: option to use rtpengine for nat traversal

- define WITH_NAT
- define WITH_RTPENGINE

Daniel-Constantin Mierla authored on 29/10/2019 09:22:05
Showing 1 changed files
... ...
@@ -45,10 +45,16 @@
45 45
 #
46 46
 # *** To enable nat traversal execute:
47 47
 #     - define WITH_NAT
48
+#     - option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING
48 49
 #     - install RTPProxy: http://www.rtpproxy.org
49 50
 #     - start RTPProxy:
50 51
 #        rtpproxy -l _your_public_ip_ -s udp:localhost:7722
51
-#     - option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING
52
+#
53
+# *** To use RTPEngine (instead of RTPProxy) for nat traversal execute:
54
+#     - define WITH_RTPENGINE
55
+#     - install RTPEngine: https://github.com/sipwise/rtpengine
56
+#     - start RTPEngine:
57
+#        rtpengine --listen-ng=127.0.0.1:2223 ...
52 58
 #
53 59
 # *** To enable PSTN gateway routing execute:
54 60
 #     - define WITH_PSTN
... ...
@@ -417,9 +423,13 @@ modparam("presence_xml", "force_active", 1)
417 423
 #!endif
418 424
 
419 425
 #!ifdef WITH_NAT
426
+#!ifdef WITH_RTPENGINE
427
+# ----- rtpengine params -----
428
+modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2223")
429
+#!else
420 430
 # ----- rtpproxy params -----
421 431
 modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
422
-
432
+#!endit
423 433
 # ----- nathelper params -----
424 434
 modparam("nathelper", "natping_interval", 30)
425 435
 modparam("nathelper", "ping_nated_only", 1)
... ...
@@ -809,9 +819,16 @@ route[NATMANAGE] {
809 819
 	if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;
810 820
 
811 821
 	if(nat_uac_test("8")) {
822
+#!ifdef WITH_RTPENGINE
823
+		rtpengine_manage("replace-origin replace-session-connection");
824
+#!else
812 825
 		rtpproxy_manage("co");
826
+#!endif
813 827
 	} else {
828
+		rtpengine_manage("trust-address replace-origin replace-session-connection");
829
+#!else
814 830
 		rtpproxy_manage("cor");
831
+#!endif
815 832
 	}
816 833
 
817 834
 	if (is_request()) {
Browse code

etc/kamailio.cfg: switch from deprecated /var/run to /run

The FHS 3.0 [F] has deprecated /var/run in favor of /run. Current
distributions have done so for a long time (for example in Debian
since 6.0 “squeeze”), even though they provide a compatibility
symlink from /var/run to /run. But software like systemd have
started emitting warnings when using /var/run, for example for
its PIDFile directive, which pollutes the logs.

Daniel-Constantin Mierla authored on 25/10/2019 09:50:11
Showing 1 changed files
... ...
@@ -302,13 +302,13 @@ loadmodule "debugger.so"
302 302
 # ----- jsonrpcs params -----
303 303
 modparam("jsonrpcs", "pretty_format", 1)
304 304
 /* set the path to RPC fifo control file */
305
-# modparam("jsonrpcs", "fifo_name", "/var/run/kamailio/kamailio_rpc.fifo")
305
+# modparam("jsonrpcs", "fifo_name", "/run/kamailio/kamailio_rpc.fifo")
306 306
 /* set the path to RPC unix socket control file */
307
-# modparam("jsonrpcs", "dgram_socket", "/var/run/kamailio/kamailio_rpc.sock")
307
+# modparam("jsonrpcs", "dgram_socket", "/run/kamailio/kamailio_rpc.sock")
308 308
 
309 309
 # ----- ctl params -----
310 310
 /* set the path to RPC unix socket control file */
311
-# modparam("ctl", "binrpc", "unix:/var/run/kamailio/kamailio_ctl")
311
+# modparam("ctl", "binrpc", "unix:/run/kamailio/kamailio_ctl")
312 312
 
313 313
 # ----- sanity params -----
314 314
 modparam("sanity", "autodrop", 0)
Browse code

etc/kamailio.cfg: updated comment to reflect 5.4 series

Daniel-Constantin Mierla authored on 04/10/2019 16:16:12
Showing 1 changed files
... ...
@@ -1,6 +1,6 @@
1 1
 #!KAMAILIO
2 2
 #
3
-# Kamailio (OpenSER) SIP Server v5.3 - default configuration script
3
+# Kamailio (OpenSER) SIP Server v5.4 - default configuration script
4 4
 #     - web: https://www.kamailio.org
5 5
 #     - git: https://github.com/kamailio/kamailio
6 6
 #
Browse code

kamailio.cfg: set_forward_no_connect() only for initial requests going through nat

Daniel-Constantin Mierla authored on 09/09/2019 07:09:49
Showing 1 changed files
... ...
@@ -559,10 +559,6 @@ route[RELAY] {
559 559
 route[REQINIT] {
560 560
 	# no connect for sending replies
561 561
 	set_reply_no_connect();
562
-	if(has_totag()) {
563
-		# no connect for requests within dialog
564
-		set_forward_no_connect();
565
-	}
566 562
 
567 563
 #!ifdef WITH_ANTIFLOOD
568 564
 	# flood detection from same IP and traffic ban for a while
... ...
@@ -834,7 +830,11 @@ route[NATMANAGE] {
834 830
 
835 831
 	if(isbflagset(FLB_NATB)) {
836 832
 		# no connect message in a dialog involving NAT traversal
837
-		set_forward_no_connect();
833
+		if (is_request()) {
834
+			if(has_totag()) {
835
+				set_forward_no_connect();
836
+			}
837
+		}
838 838
 	}
839 839
 #!endif
840 840
 	return;
Browse code

etc/kamailio.cfg: detect sipvicious as scanner

Kevin Olbrich authored on 22/03/2019 20:45:35 • GitHub committed on 22/03/2019 20:45:35
Showing 1 changed files
... ...
@@ -581,7 +581,7 @@ route[REQINIT] {
581 581
 		}
582 582
 	}
583 583
 #!endif
584
-	if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") {
584
+	if($ua =~ "friendly-scanner|sipcli|sipvicious|VaxSIPUserAgent") {
585 585
 		# silent drop for scanners - uncomment next line if want to reply
586 586
 		# sl_send_reply("200", "OK");
587 587
 		exit;
Browse code

etc/kamailio.cfg: do sanity check for sip responses

Daniel-Constantin Mierla authored on 21/03/2019 13:30:06
Showing 1 changed files
... ...
@@ -310,6 +310,9 @@ modparam("jsonrpcs", "pretty_format", 1)
310 310
 /* set the path to RPC unix socket control file */
311 311
 # modparam("ctl", "binrpc", "unix:/var/run/kamailio/kamailio_ctl")
312 312
 
313
+# ----- sanity params -----
314
+modparam("sanity", "autodrop", 0)
315
+
313 316
 # ----- tm params -----
314 317
 # auto-discard branches from previous serial forking leg
315 318
 modparam("tm", "failure_reply_mode", 3)
... ...
@@ -595,7 +598,7 @@ route[REQINIT] {
595 598
 	}
596 599
 
597 600
 	if(!sanity_check("17895", "7")) {
598
-		xlog("Malformed SIP message from $si:$sp\n");
601
+		xlog("Malformed SIP request from $si:$sp\n");
599 602
 		exit;
600 603
 	}
601 604
 }
... ...
@@ -951,6 +954,14 @@ branch_route[MANAGE_BRANCH] {
951 954
 }
952 955
 
953 956
 # Manage incoming replies
957
+reply_route {
958
+	if(!sanity_check("17604", "6")) {
959
+		xlog("Malformed SIP response from $si:$sp\n");
960
+		drop;
961
+	}
962
+}
963
+
964
+# Manage incoming replies in transaction context
954 965
 onreply_route[MANAGE_REPLY] {
955 966
 	xdbg("incoming reply\n");
956 967
 	if(status=~"[12][0-9][0-9]") {
Browse code

etc/kamailio.cfg: no connect for forwarding requests withing dialog

- connections should be opened during the dialog creation and given that
tcp/tls source port is is most of the cases ephemeral, trying to connect
back fails

Daniel-Constantin Mierla authored on 21/03/2019 13:09:43
Showing 1 changed files
... ...
@@ -556,6 +556,10 @@ route[RELAY] {
556 556
 route[REQINIT] {
557 557
 	# no connect for sending replies
558 558
 	set_reply_no_connect();
559
+	if(has_totag()) {
560
+		# no connect for requests within dialog
561
+		set_forward_no_connect();
562
+	}
559 563
 
560 564
 #!ifdef WITH_ANTIFLOOD
561 565
 	# flood detection from same IP and traffic ban for a while
... ...
@@ -826,7 +830,7 @@ route[NATMANAGE] {
826 830
 	}
827 831
 
828 832
 	if(isbflagset(FLB_NATB)) {
829
-		# message in a dialog involving NAT traversal - no connect
833
+		# no connect message in a dialog involving NAT traversal
830 834
 		set_forward_no_connect();
831 835
 	}
832 836
 #!endif
Browse code

etc/kamailio.cfg: set no connect flags for replies and natted messages

Daniel-Constantin Mierla authored on 20/03/2019 14:15:12
Showing 1 changed files
... ...
@@ -554,6 +554,9 @@ route[RELAY] {
554 554
 
555 555
 # Per SIP request initial checks
556 556
 route[REQINIT] {
557
+	# no connect for sending replies
558
+	set_reply_no_connect();
559
+
557 560
 #!ifdef WITH_ANTIFLOOD
558 561
 	# flood detection from same IP and traffic ban for a while
559 562
 	# be sure you exclude checking trusted peers, such as pstn gateways
... ...
@@ -821,6 +824,11 @@ route[NATMANAGE] {
821 824
 				set_contact_alias();
822 825
 		}
823 826
 	}
827
+
828
+	if(isbflagset(FLB_NATB)) {
829
+		# message in a dialog involving NAT traversal - no connect
830
+		set_forward_no_connect();
831
+	}
824 832
 #!endif
825 833
 	return;
826 834
 }
Browse code

kamailio.cfg: explicitely set the tcp/tls connections upper limits

- notes about tcp_children and relation with children parameter

Daniel-Constantin Mierla authored on 19/02/2019 16:37:40
Showing 1 changed files
... ...
@@ -158,12 +158,16 @@ memlog=5
158 158
 log_facility=LOG_LOCAL0
159 159
 log_prefix="{$mt $hdr(CSeq) $ci} "
160 160
 
161
-/* number of SIP routing processes */
161
+/* number of SIP routing processes for each UDP socket
162
+ * - value inherited by tcp_children and sctp_children when not set explicitely */
162 163
 children=8
163 164
 
164 165
 /* uncomment the next line to disable TCP (default on) */
165 166
 # disable_tcp=yes
166 167
 
168
+/* number of SIP routing processes for all TCP/TLS sockets */
169
+# tcp_children=8
170
+
167 171
 /* uncomment the next line to disable the auto discovery of local aliases
168 172
  * based on reverse DNS on IPs (default on) */
169 173
 # auto_aliases=no
... ...
@@ -175,14 +179,20 @@ children=8
175 179
  * bind on a specific interface/port/proto (default bind on all available) */
176 180
 # listen=udp:10.0.0.10:5060
177 181
 
178
-#!ifdef WITH_TLS
179
-enable_tls=yes
180
-#!endif
181
-
182 182
 /* life time of TCP connection when there is no traffic
183 183
  * - a bit higher than registration expires to cope with UA behind NAT */
184 184
 tcp_connection_lifetime=3605
185 185
 
186
+/* upper limit for TCP connections (it includes the TLS connections) */
187
+tcp_max_connections=2048
188
+
189
+#!ifdef WITH_TLS
190
+enable_tls=yes
191
+
192
+/* upper limit for TLS connections */
193
+tls_max_connections=2048
194
+#!endif
195
+
186 196
 ####### Custom Parameters #########
187 197
 
188 198
 /* These parameters can be modified runtime via RPC interface
Browse code

kamailio.cfg: set cuurent version in comments

Daniel-Constantin Mierla authored on 22/01/2019 16:53:55
Showing 1 changed files
... ...
@@ -1,6 +1,6 @@
1 1
 #!KAMAILIO
2 2
 #
3
-# Kamailio (OpenSER) SIP Server v5.2 - default configuration script
3
+# Kamailio (OpenSER) SIP Server v5.3 - default configuration script
4 4
 #     - web: https://www.kamailio.org
5 5
 #     - git: https://github.com/kamailio/kamailio
6 6
 #
Browse code

kamailio.cfg: added via1 sanity check in default config

Daniel-Constantin Mierla authored on 20/09/2018 11:07:00
Showing 1 changed files
... ...
@@ -577,7 +577,7 @@ route[REQINIT] {
577 577
 		exit;
578 578
 	}
579 579
 
580
-	if(!sanity_check("1511", "7")) {
580
+	if(!sanity_check("17895", "7")) {
581 581
 		xlog("Malformed SIP message from $si:$sp\n");
582 582
 		exit;
583 583
 	}
Browse code

kamailio.cfg: small sample for number normalization on pstw gw routing

Daniel-Constantin Mierla authored on 03/05/2018 07:50:57
Showing 1 changed files
... ...
@@ -854,6 +854,13 @@ route[PSTN] {
854 854
 		exit;
855 855
 	}
856 856
 
857
+	# normalize target number for pstn gateway
858
+	# - convert leading 00 to +
859
+	if (starts_with("$rU", "00")) {
860
+		strip(2);
861
+		prefix("+");
862
+	}
863
+
857 864
 	if (strempty($sel(cfg_get.pstn.gw_port))) {
858 865
 		$ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
859 866
 	} else {
Browse code

etc/kamailio.cfg: do not relay to foreign network if auth is not enabled

- anyone can use a local account and flood external systems

Daniel-Constantin Mierla authored on 15/03/2018 07:55:22
Showing 1 changed files
... ...
@@ -750,6 +750,14 @@ route[AUTH] {
750 750
 		exit;
751 751
 	}
752 752
 
753
+#!else
754
+
755
+	# authentication not enabled - do not relay at all to foreign networks
756
+	if(uri!=myself) {
757
+		sl_send_reply("403","Not relaying");
758
+		exit;
759
+	}
760
+
753 761
 #!endif
754 762
 	return;
755 763
 }
Browse code

etc/kamailio.cfg: added log_prefix

- removed commented port example

Daniel-Constantin Mierla authored on 13/11/2017 20:57:42
Showing 1 changed files
... ...
@@ -156,6 +156,7 @@ memdbg=5
156 156
 memlog=5
157 157
 
158 158
 log_facility=LOG_LOCAL0
159
+log_prefix="{$mt $hdr(CSeq) $ci} "
159 160
 
160 161
 /* number of SIP routing processes */
161 162
 children=8
... ...
@@ -168,15 +169,12 @@ children=8
168 169
 # auto_aliases=no
169 170
 
170 171
 /* add local domain aliases */
171
-#alias="sip.mydomain.com"
172
+# alias="sip.mydomain.com"
172 173
 
173 174
 /* uncomment and configure the following line if you want Kamailio to
174 175
  * bind on a specific interface/port/proto (default bind on all available) */
175 176
 # listen=udp:10.0.0.10:5060
176 177
 
177
-/* port to listen to (default 5060 for udp, tcp, scrtp, or 5061 for tls)*/
178
-# port=5060
179
-
180 178
 #!ifdef WITH_TLS
181 179
 enable_tls=yes
182 180
 #!endif
Browse code

etc/kamailio.cfg: updated note about kamailio version

Daniel-Constantin Mierla authored on 13/11/2017 20:53:52
Showing 1 changed files
... ...
@@ -1,6 +1,6 @@
1 1
 #!KAMAILIO
2 2
 #
3
-# Kamailio (OpenSER) SIP Server v5.1 - default configuration script
3
+# Kamailio (OpenSER) SIP Server v5.2 - default configuration script
4 4
 #     - web: https://www.kamailio.org
5 5
 #     - git: https://github.com/kamailio/kamailio
6 6
 #
Browse code

kamailio.cfg: filter out sip scanner even when anti-flood is not enabled

- better protection with default installation

Daniel-Constantin Mierla authored on 07/08/2017 12:21:08
Showing 1 changed files
... ...
@@ -562,12 +562,12 @@ route[REQINIT] {
562 562
 			exit;
563 563
 		}
564 564
 	}
565
-	if($ua =~ "friendly-scanner|sipcli") {
565
+#!endif
566
+	if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") {
566 567
 		# silent drop for scanners - uncomment next line if want to reply
567 568
 		# sl_send_reply("200", "OK");
568 569
 		exit;
569 570
 	}
570
-#!endif
571 571
 
572 572
 	if (!mf_process_maxfwd_header("10")) {
573 573
 		sl_send_reply("483","Too Many Hops");
Browse code

examples, modules: fix common typo [skip ci]

Mikko Lehto authored on 02/06/2017 00:36:51
Showing 1 changed files
... ...
@@ -597,7 +597,7 @@ route[WITHINDLG] {
597 597
 			setflag(FLT_ACC); # do accounting ...
598 598
 			setflag(FLT_ACCFAILED); # ... even if the transaction fails
599 599
 		} else if ( is_method("ACK") ) {
600
-			# ACK is forwarded statelessy
600
+			# ACK is forwarded statelessly
601 601
 			route(NATMANAGE);
602 602
 		}