opensips/opensips.cfg@8f552d1cd671 (annotated)
opensips/opensips.cfg
Wed, 21 Sep 2011 14:02:13 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 21 Sep 2011 14:02:13 +0200
- changeset 376
- 8f552d1cd671
- child 377
- 67e813202d53
- permissions
- -rw-r--r--
Import package vendor original specs for necessary manipulations.
| michael@376 | 1 | ## |
| michael@376 | 2 | ## opensips.cfg -- OpenSIPS server configuration |
| michael@376 | 3 | ## |
| michael@376 | 4 | |
| michael@376 | 5 | # |
| michael@376 | 6 | # GLOBAL CONFIGURATION PARAMETERS |
| michael@376 | 7 | # |
| michael@376 | 8 | |
| michael@376 | 9 | # process configuration |
| michael@376 | 10 | debug=1 |
| michael@376 | 11 | log_stderror=no |
| michael@376 | 12 | fork=yes |
| michael@376 | 13 | check_via=no |
| michael@376 | 14 | dns=no |
| michael@376 | 15 | rev_dns=no |
| michael@376 | 16 | children=4 |
| michael@376 | 17 | user="@l_rusr@" |
| michael@376 | 18 | group="@l_rgrp@" |
| michael@376 | 19 | fifo="@l_prefix@/var/opensips/opensips.fifo" |
| michael@376 | 20 | workdir="@l_prefix@/var/opensips" |
| michael@376 | 21 | |
| michael@376 | 22 | # network configuration |
| michael@376 | 23 | alias="sip.example.com" |
| michael@376 | 24 | listen="127.0.0.1" |
| michael@376 | 25 | port=5060 |
| michael@376 | 26 | |
| michael@376 | 27 | # |
| michael@376 | 28 | # EXTENSION MODULE LOADING |
| michael@376 | 29 | # |
| michael@376 | 30 | |
| michael@376 | 31 | #loadmodule "@l_prefix@/lib/opensips/modules/dbtext.so" |
| michael@376 | 32 | |
| michael@376 | 33 | loadmodule "@l_prefix@/lib/opensips/modules/sl.so" |
| michael@376 | 34 | loadmodule "@l_prefix@/lib/opensips/modules/tm.so" |
| michael@376 | 35 | loadmodule "@l_prefix@/lib/opensips/modules/rr.so" |
| michael@376 | 36 | loadmodule "@l_prefix@/lib/opensips/modules/maxfwd.so" |
| michael@376 | 37 | loadmodule "@l_prefix@/lib/opensips/modules/usrloc.so" |
| michael@376 | 38 | loadmodule "@l_prefix@/lib/opensips/modules/registrar.so" |
| michael@376 | 39 | loadmodule "@l_prefix@/lib/opensips/modules/textops.so" |
| michael@376 | 40 | |
| michael@376 | 41 | #loadmodule "@l_prefix@/lib/opensips/modules/auth.so" |
| michael@376 | 42 | #loadmodule "@l_prefix@/lib/opensips/modules/auth_db.so" |
| michael@376 | 43 | |
| michael@376 | 44 | #loadmodule "@l_prefix@/lib/opensips/modules/nathelper.so" |
| michael@376 | 45 | |
| michael@376 | 46 | # |
| michael@376 | 47 | # EXTENSION MODULE CONFIGURATION |
| michael@376 | 48 | # |
| michael@376 | 49 | |
| michael@376 | 50 | # module rr: |
| michael@376 | 51 | modparam("rr", "enable_full_lr", 1) |
| michael@376 | 52 | |
| michael@376 | 53 | # module usrloc: |
| michael@376 | 54 | modparam("usrloc", "db_mode", 0) |
| michael@376 | 55 | #modparam("usrloc", "db_mode", 2) |
| michael@376 | 56 | #modparam("usrloc|auth_db", "db_url", "dbtext://@l_prefix@/var/opensips/db") |
| michael@376 | 57 | |
| michael@376 | 58 | # module auth: |
| michael@376 | 59 | #modparam("auth_db", "calculate_ha1", 1) |
| michael@376 | 60 | #modparam("auth_db", "password_column", "password") |
| michael@376 | 61 | #modparam("auth_db", "user_column", "username") |
| michael@376 | 62 | #modparam("auth_db", "domain_column", "domain") |
| michael@376 | 63 | |
| michael@376 | 64 | # module nathelper: |
| michael@376 | 65 | #modparam("registrar", "nat_flag", 6) |
| michael@376 | 66 | #modparam("nathelper", "natping_interval", 30) |
| michael@376 | 67 | #modparam("nathelper", "ping_nated_only", 1) |
| michael@376 | 68 | #modparam("nathelper", "rtpproxy_sock", "unix:@l_prefix@/var/opensips/opensips_rtpproxy.sock") |
| michael@376 | 69 | #modparam("nathelper", "rtpproxy_disable", 0) |
| michael@376 | 70 | #modparam("nathelper", "rtpproxy_disable_tout", 20) |
| michael@376 | 71 | #modparam("nathelper", "sipping_from", "sip:pinger@sip.example.com") |
| michael@376 | 72 | |
| michael@376 | 73 | # |
| michael@376 | 74 | # MAIN ROUTING LOGIC |
| michael@376 | 75 | # |
| michael@376 | 76 | |
| michael@376 | 77 | route{ |
| michael@376 | 78 | # initial sanity checks -- messages with |
| michael@376 | 79 | # max_forwards==0, or excessively long requests |
| michael@376 | 80 | if (!mf_process_maxfwd_header("10")) { |
| michael@376 | 81 | sl_send_reply("483", "Too Many Hops"); |
| michael@376 | 82 | exit; |
| michael@376 | 83 | }; |
| michael@376 | 84 | if (msg:len >= max_len) { |
| michael@376 | 85 | sl_send_reply("513", "Message too big"); |
| michael@376 | 86 | exit; |
| michael@376 | 87 | }; |
| michael@376 | 88 | |
| michael@376 | 89 | #if (method == "INVITE" && uri != myself) { |
| michael@376 | 90 | # sl_send_reply("403", "No relaying"); |
| michael@376 | 91 | # exit; |
| michael@376 | 92 | #}; |
| michael@376 | 93 | |
| michael@376 | 94 | # NAT: special handling for NAT'ed clients; first, NAT test is |
| michael@376 | 95 | # executed: it looks for via!=received and RFC1918 addresses in |
| michael@376 | 96 | # Contact (may fail if line-folding is used); also, the received |
| michael@376 | 97 | # test should, if completed, should check all vias for presence of |
| michael@376 | 98 | # received. |
| michael@376 | 99 | #if (nat_uac_test("3")) { |
| michael@376 | 100 | # # allow RR-ed requests, as these may indicate that NAT-enabled |
| michael@376 | 101 | # # aproxy takes care of it; unless it is REGISTER |
| michael@376 | 102 | # if (method == "REGISTER" || ! search("^Record-Route:")) { |
| michael@376 | 103 | # log("LOG: Someone trying to register from private IP, rewriting\n"); |
| michael@376 | 104 | # fix_nated_contact(); # rewrite contact with source IP of signalling |
| michael@376 | 105 | # if (method == "INVITE") { |
| michael@376 | 106 | # fix_nated_sdp("1"); # add direction=active to SDP |
| michael@376 | 107 | # }; |
| michael@376 | 108 | # force_rport(); # add rport parameter to topmost Via |
| michael@376 | 109 | # setflag(6); # mark as NAT'ed |
| michael@376 | 110 | # }; |
| michael@376 | 111 | #}; |
| michael@376 | 112 | |
| michael@376 | 113 | # we record-route all messages -- to make sure that |
| michael@376 | 114 | # subsequent messages will go through our proxy; that's |
| michael@376 | 115 | # particularly good if upstream and downstream entities |
| michael@376 | 116 | # use different transport protocol |
| michael@376 | 117 | if (method != "REGISTER") { |
| michael@376 | 118 | record_route(); |
| michael@376 | 119 | }; |
| michael@376 | 120 | |
| michael@376 | 121 | # subsequent messages withing a dialog should take the |
| michael@376 | 122 | # path determined by record-routing |
| michael@376 | 123 | if (loose_route()) { |
| michael@376 | 124 | # mark routing logic in request |
| michael@376 | 125 | append_hf("P-hint: rr-enforced\r\n"); |
| michael@376 | 126 | route(1); |
| michael@376 | 127 | }; |
| michael@376 | 128 | |
| michael@376 | 129 | if (uri != myself) { |
| michael@376 | 130 | # mark routing logic in request |
| michael@376 | 131 | append_hf("P-hint: outbound\r\n"); |
| michael@376 | 132 | route(1); |
| michael@376 | 133 | }; |
| michael@376 | 134 | |
| michael@376 | 135 | # if the request is for other domain use USRLOC |
| michael@376 | 136 | # (in case, it does not work, use the following command |
| michael@376 | 137 | # with proper names and addresses in it) |
| michael@376 | 138 | if (uri == myself) { |
| michael@376 | 139 | if (method == "REGISTER") { |
| michael@376 | 140 | # uncomment this if you want to use digest authentication |
| michael@376 | 141 | #if (!www_authorize("sip.example.com", "subscriber")) { |
| michael@376 | 142 | # www_challenge("sip.example.com", "0"); |
| michael@376 | 143 | # exit; |
| michael@376 | 144 | #}; |
| michael@376 | 145 | save("location"); |
| michael@376 | 146 | exit; |
| michael@376 | 147 | }; |
| michael@376 | 148 | |
| michael@376 | 149 | lookup("aliases"); |
| michael@376 | 150 | if (uri != myself) { |
| michael@376 | 151 | append_hf("P-hint: outbound alias\r\n"); |
| michael@376 | 152 | route(1); |
| michael@376 | 153 | }; |
| michael@376 | 154 | |
| michael@376 | 155 | # native SIP destinations are handled using our USRLOC DB |
| michael@376 | 156 | if (!lookup("location")) { |
| michael@376 | 157 | sl_send_reply("404", "Not Found"); |
| michael@376 | 158 | exit; |
| michael@376 | 159 | }; |
| michael@376 | 160 | append_hf("P-hint: usrloc applied\r\n"); |
| michael@376 | 161 | }; |
| michael@376 | 162 | |
| michael@376 | 163 | route(1); |
| michael@376 | 164 | } |
| michael@376 | 165 | |
| michael@376 | 166 | route[1] { |
| michael@376 | 167 | # disable RFC1918 peers |
| michael@376 | 168 | if (uri =~ "[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")) { |
| michael@376 | 169 | sl_send_reply("479", "We don't forward to RFC 1918 IPv4 addresses"); |
| michael@376 | 170 | exit; |
| michael@376 | 171 | }; |
| michael@376 | 172 | |
| michael@376 | 173 | # NAT: if client or server know to be behind a NAT, enable relay |
| michael@376 | 174 | #if (isflagset(6)) { |
| michael@376 | 175 | # force_rtp_proxy(); |
| michael@376 | 176 | #}; |
| michael@376 | 177 | |
| michael@376 | 178 | # NAT: processing of replies; apply to all transactions |
| michael@376 | 179 | #t_on_reply("1"); |
| michael@376 | 180 | |
| michael@376 | 181 | # send it out now; use stateful forwarding as it works reliably even for UDP2TCP |
| michael@376 | 182 | if (!t_relay()) { |
| michael@376 | 183 | sl_reply_error(); |
| michael@376 | 184 | }; |
| michael@376 | 185 | } |
| michael@376 | 186 | |
| michael@376 | 187 | #onreply_route[1] { |
| michael@376 | 188 | # NAT: is it a NAT'ed transaction ? |
| michael@376 | 189 | # otherwise, is it a transaction behind a NAT and we did not |
| michael@376 | 190 | # know at time of request processing ? (RFC1918 contacts) |
| michael@376 | 191 | #if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { |
| michael@376 | 192 | # fix_nated_contact(); |
| michael@376 | 193 | # force_rtp_proxy(); |
| michael@376 | 194 | #} else if (nat_uac_test("1")) { |
| michael@376 | 195 | # fix_nated_contact(); |
| michael@376 | 196 | #}; |
| michael@376 | 197 | #} |
| michael@376 | 198 |
