OpenPKG Specs: opensips/opensips.cfg@9fe04d4d4e5a (annotated)

opensips/opensips.cfg@9fe04d4d4e5a (annotated)

opensips/opensips.cfg

Mon, 17 Sep 2012 19:10:10 +0200

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Mon, 17 Sep 2012 19:10:10 +0200
changeset 689: 9fe04d4d4e5a
parent 382: b972dc20871f
permissions: -rw-r--r--

Update to new version of vendor software although Oracle fails to deliver.
More specifically, newer db(3) patch revisions exist but Oracle has
removed them from the canonical download server URI for Berkely DB.

 ##
 ##  opensips.cfg -- OpenSIPS server configuration
 ##
 # General configuration help available at:
 # http://siprouter.teigre.com/doc/gettingstarted/
 # Specific routing help available at:
 # http://www.opensips.org/index.php?n=Resources.DocsCoreRoutes
 # Information on debug and log levels
 # http://www.voice-system.ro/docs/ser-syslog/
 # Die Konfigbloecke sind:
 #   Global Configuration Parameters
 #   Extension Module Loading
 #   Extension Module Configuration
 #   Main Request Routing Logic
 #   Secondary Request Routing Logic
 #   Branch Request Routing Logic
 #   Reply Request Routing Logic
 #   Failure Request Routing Logic
 #   Local Request Routing Logic
 #   Error Request Routing Logic
 #
 # Logging:
 #   L_ALERT (-3) - used if the error requires immediate action.
 #   L_CRIT (-2)  - used if the error is a critical situation.
 #   L_ERR (-1)   - used if the error doesn't cause system malfunctioning.
 #   L_WARN (1)   - used to write warning messages.
 #   L_NOTICE (2) - used to report unusual situations.
 #   L_INFO (3)   - used to write informational messages.
 #   L_DBG (4)    - used to write messages for debugging.
 #
 #   Global Configuration Parameters
 #
 #   process configuration
 debug=4
 log_stderror=no
 fork=yes
 children=2
 tcp_children=2
 user="@l_rusr@"
 group="@l_rgrp@"
 wdir="@l_prefix@/var/opensips"
 #   network configuration
 listen=udp:voip.realhost.tld:5060
 #listen = tls:voip.realhost.tld:5061
 #   network aliases
 alias=voip.firsthost.tld:5060
 #alias=voip.firsthost.tld:5061
 alias=voip.secondhost.tld:5060
 #alias=voip.secondhost.tld:5061
 #   enable TLS
 #https://confluence.terena.org/display/IPTelCB/3.5.2.+TLS+for+OpenSER+(UA-Proxy)
 #http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html
 #
 #Run 'openserctl tls rootCA' to create @l_prefix@/etc/openser/tls/rootCA/cacert.pem.
 #Run 'openserctl tls userCERT' to create user-calist.pem, user-cert.pem, user-cert_req.pem, and user-privkey.pem in @l_prefix@/etc/openser/tls/user/.
 #Copy @l_prefix@/etc/openser/tls/rootCA/cacert.pem to the client host.
 #On Windows XP client hosts, run 'certmrg.msc' to import the certificate into the root certificate store.
 #
 #disable_tls       = 0
 #tls_method        = TLSv1
 #tls_verify_server = 1
 #tls_verify_client = 1
 #tls_require_client_certificate = 1
 #tls_ciphers_list  = "HIGH:MEDIUM:!ADH"  # openssl ciphers -v HIGH:MEDIUM
 #tls_certificate = "@l_prefix@/etc/opensips/tls/user/user-cert.pem"
 #tls_private_key = "@l_prefix@/etc/opensips/tls/user/user-privkey.pem"
 #tls_ca_list = "@l_prefix@/etc/opensips/tls/user/user-calist.pem"
 #
 #   Extension Module Loading
 #   http://www.opensips.org/index.php?n=Resources.DocsModules
 #
 # set module path
 mpath="@l_prefix@/lib/opensips/modules/"
 loadmodule "sl.so"          # Stateless replier
 loadmodule "tm.so"          # Transaction stateful
 loadmodule "signaling.so"   # Signaling wrapper of sl/tm
 loadmodule "rr.so"          # Record Route and Route
 loadmodule "maxfwd.so"      # Maximum Forward processor
 loadmodule "db_text.so"     # Text backend for database API
 loadmodule "usrloc.so"      # User location implementation
 loadmodule "registrar.so"   # SIP Registrar implementation
 loadmodule "uri.so"         # Generic URI operation
 loadmodule "auth.so"        # Authentication Interface
 loadmodule "textops.so"     # Text based manipulations
 loadmodule "acc.so"         # Accounting
 loadmodule "auth_db.so"     # Database backend authentication
 loadmodule "mi_fifo.so"     # FIFO support for Management Interface
 #loadmodule "flatstore.so"   # Fast writing only text database
 #loadmodule "alias_db.so"    # Database aliases
 #loadmodule "domain.so"      # Multidomain support
 #loadmodule "nathelper.so"   # NAT traversal helper
 #loadmodule "enum.so"        # ENUM lookup
 #
 #   Extension Module Configuration
 #
 # ----- dbtext params -----
 modparam("db_text", "db_mode", 0)  # caching for persistence
 # ----- multimodule params -----
 modparam("usrloc|uri|auth_db", "db_url", "text://@l_prefix@/var/opensips/db")
 # ----- rr params -----
 modparam("rr", "append_fromtag", 1)  # important when using detect_direction
 # ----- usrloc params -----
 /* see 'multimodule params' as well */
 modparam("usrloc", "db_mode", 2)  # Write back database persistence scheme
 # ----- registrar params -----
 modparam("registrar", "max_contacts", 10)  # contacts per AOR allowed
 # ----- acc params -----
 /* see 'multimodule params' as well */
 modparam("acc", "db_url", "dbtext://@l_prefix@/var/opensips/db")
 #modparam("acc", "db_url", "flatstore:@l_prefix@/var/opensips/acc")
 modparam("acc", "early_media", 1)
 modparam("acc", "report_cancels", 1)
 modparam("acc", "detect_direction", 1)
 modparam("acc", "log_level", 2)
 modparam("acc", "log_flag", 1)
 modparam("acc", "log_missed_flag", 2)
 modparam("acc", "db_flag", 1)
 modparam("acc", "db_missed_flag", 2)
 modparam("acc", "failed_transaction_flag", 4)
 # ----- mi_fifo params -----
 modparam("mi_fifo", "fifo_name", "@l_prefix@/var/opensips/opensips.fifo")
 modparam("mi_fifo", "reply_dir", "@l_prefix@/var/opensips/tmp/")
 #
 #   Main Request Routing Logic
 #
 route {
     # message diagnostics
     #log(3, "new branch at $ru\n");
     xlog("L_INFO", "$rm: Orig - $ou\n");
     xlog("L_INFO", "$rm: Req  - $ru\n");
     xlog("L_INFO", "$rm: To   - $tu\n");
     xlog("L_INFO", "$rm: Dest - $du\n");
     xlog("L_INFO", "$rm: From - $fu\n");
     # sanity checks
     if (!mf_process_maxfwd_header("10")) {  # avoid loops in forward logic
         sl_send_reply("483","Too Many Hops");
         exit;
     }
     if (msg:len > max_len) {  # repel DoS attacks
         sl_send_reply("513", "Message Too Large");
         exit;
     };
     # sequential request within a dialog should
     # take the path determined by record routing
     if (has_totag()) {
         if (loose_route()) {
             if (is_method("BYE")) {
                 setflag(1); # do accouting...
                 setflag(4); # ...even if the transaction fails
             }
             # mark routing logic in request
             append_hf("P-hint: rr-enforced\r\n");
             route(1);
         } else {
             sl_send_reply("404", "Not Found");
         }
         exit;
     }
     #
     # initial requests
     #
     if (is_method("CANCEL")) {  # CANCEL processing
         if (t_check_trans())
             t_relay();
         exit;
     }
     t_check_trans();
     # authenticate if from local subscriber (uncomment to enable auth)
     #if (!is_method("REGISTER") && from_uri == myself) {
     #    if (!proxy_authorize("", "subscriber")) {
     #        proxy_challenge("", "0");
     #        exit;
     #    }
     #    if (!check_from()) {
     #        sl_send_reply("403","Forbidden");
     #        exit;
     #    }
     #
     #    consume_credentials();
     #    # caller authenticated
     #}
     #   record route all messages to ensure that subsequent messages
     #   will go through our proxy, particularly good if upstream
     #   and downstream entities use different transport protocol
     if (!is_method("REGISTER|MESSAGE")) {
         record_route();
     }
     # account only INVITEs
     if (is_method("INVITE")) {
         setflag(1);
     }
     if (!uri == myself) {
     /* replace with following line if multidomain support is used */
     #if (!is_uri_host_local()) {
         append_hf("P-hint: outbound\r\n");
         # if you have some interdomain connections via TLS
         #if ($rd == "tls_domain1.net") {
         #    t_relay("tls:domain1.net");
         #    exit;
         #} else if ($rd == "tls_domain2.net") {
         #    t_relay("tls:domain2.net");
         #    exit;
         #}
         route(1);
     }
     #
     # requests for my domain
     #
     if (is_method("PUBLISH")) {
         sl_send_reply("503", "Service Unavailable");
         exit;
     }
     if (is_method("REGISTER")) {
         # authenticate the REGISTER requests (uncomment to enable auth)
         #if (!www_authorize("", "subscriber")) {
         #    www_challenge("", "0");
         #    exit;
         #}
         #
         #if (!check_to()) {
         #    sl_send_reply("403","Forbidden");
         #    exit;
         #}
         if (!save("location"))
             sl_reply_error();
         exit;
     }
     if ($rU == NULL) {
         # request with no Username in RURI
         sl_send_reply("484","Address Incomplete");
         exit;
     }
     lookup("location");
     switch ($retcode) {
         case 1:
             append_hf("P-hint: usrloc applied\r\n");
             break;
         case -1:
             t_newtran();
             t_reply("404", "Not Found");
             exit;
         case -2:
             sl_send_reply("405", "Method Not Allowed");
             exit;
         case -3:
             t_newtran();
             t_reply("500", "Server Internal Error");
             exit;
     }
     setflag(2);  # when routing via usrloc then
     route(1);    # log the missed calls as well
 }
 #
 #   Secondary Request Routing Logic
 #
 route[1] {
     # for INVITEs enable some additional helper routes
     if (is_method("INVITE")) {
         t_on_branch("1");
         t_on_reply("1");
         t_on_failure("1");
     }
     # send with stateful forwarding which works reliably even for UDP2TCP
     if (!t_relay())
         sl_reply_error();
     exit;  # safeguard
 }
 #
 #   Branch Request Routing Logic
 #
 branch_route[1] {
     xlog("L_INFO", "new branch at $ru\n");
 }
 #
 #   Reply Request Routing Logic
 #
 onreply_route[1] {
     xlog("L_INFO", "incoming reply at $ru\n");
 #    if ($ua =~ fritz.box)
 #        xlog("L_ERR", "$rm: The Fritzbox replied!\n");
 #    if ($ua =~ fritz.box && has_body("application/sdp"))
 #        search_append_body("a=sendrecv.*", "\na=ptime:30");
 }
 #
 #   Failure Request Routing Logic
 #
 failure_route[1] {
     xlog("L_INFO", "failed route at $ru\n");
     if (t_was_cancelled())
         exit;
     # uncomment the following lines to block
     # client redirect based on 3xx replies
     #if (t_check_status("3[0-9][0-9]")) {
     #t_reply("404","Not Found");
     #    exit;
     #}
     # uncomment the following lines to redirect
     # failed calls to a different new destination
     #if (t_check_status("486|408")) {
     #    sethostport("192.168.2.100:5060");
     #    append_branch();
     #    # do not set the missed call flag again
     #    t_relay();
     #}
 }
 #
 #   Local Request Routing Logic
 #
 local_route {
     if (is_method("INVITE") && $ru=~"@foreign.tld") {
         append_hf("P-hint: foreign request\r\n");
         exit;
     }
     if (is_method("BYE"))
         xlog("L_INFO", "internally generated BYE\n");
 }
 #
 #   Error Request Routing Logic
 #
 error_route {
     xlog("L_ERR", "error route class=$(err.class) level=$(err.level) info=$(err.info) rcode=$(err.rcode) rreason=$(err.rreason)\n");
     xlog("L_ERR", "error from [$si:$sp]\n");
     xlog("L_ERR", "++++\n$mb\n++++\n");
     sl_send_reply("$err.rcode", "$err.rreason");
     exit;
 }

OpenPKG Specs / annotate

opensips/opensips.cfg@9fe04d4d4e5a (annotated)

opensips/opensips.cfg