OpenPKG Specs / annotate

opensips/opensips.cfg@fd611cde817f (annotated)

opensips/opensips.cfg

Sat, 24 Mar 2012 21:40:49 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Sat, 24 Mar 2012 21:40:49 +0100
changeset 414
fd611cde817f
parent 382
b972dc20871f
permissions
-rw-r--r--

Introduce many changes to the buildconf and source code including:
(01) clean up, update, and partially update default config files,
(02) seems that Melware is unable to perform release engineering so
update chan_capi to new daily snapshot to solve echo problems,
(03) correct Asterisk inadequate hard coded gmime version check,
(04) force postgresql pthreads linkage to solve build problem,
(05) remove buggy hard coded LibXML configure definitions,
(06) remove local architecture specification to allow GCC
internal logic to determine proper CPU type instead,
(07) remove vendor sound install target causing uncontrolled
downloads and non RPM managed file installation,
(08) solve long outstanding bug in tcptls causing Asterisk
to ignore any intermediate CA certificate signatures,
(09) back out Digium engineering team's bright idea of replacing the
very portable and pervasive POSIX rand(1) with ast_random(), and
then not even implementing it causing all references to fail in
platforms not providing the very new POSIX.1-2008 mkdtemp(3)
function only distributed by BSD and some Linux,
(10) withdraw advanced linker symbol manipulations from SVR5 builds
until either Binutils supports hybrid versioned and anonymous
linker scripts or GCC stops hard coding versioned linker scripts,
(11) correct missing library linkage, some tailored to a specific OS,
(12) remove outdated logic for the no longer distributed gmime-config(1),
(13) remove local gmime buildconf hacks now that Asterisk has corrected
their own build configuration to almost portably support gmime,
(14) solve build problems relating to undetected LibXML paths,
(15) correct erroneous out of tree include definitions,
(16) improve some variable and comment naming,
(17) simplify sound language path hierarchy creation,
and correct australian english installation logic.

michael@376 1 ##
michael@376 2 ## opensips.cfg -- OpenSIPS server configuration
michael@376 3 ##
michael@376 4
michael@377 5
michael@377 6 # General configuration help available at:
michael@377 7 # http://siprouter.teigre.com/doc/gettingstarted/
michael@377 8
michael@377 9 # Specific routing help available at:
michael@377 10 # http://www.opensips.org/index.php?n=Resources.DocsCoreRoutes
michael@377 11
michael@377 12 # Information on debug and log levels
michael@377 13 # http://www.voice-system.ro/docs/ser-syslog/
michael@377 14
michael@377 15 # Die Konfigbloecke sind:
michael@377 16 # Global Configuration Parameters
michael@377 17 # Extension Module Loading
michael@377 18 # Extension Module Configuration
michael@377 19 # Main Request Routing Logic
michael@377 20 # Secondary Request Routing Logic
michael@377 21 # Branch Request Routing Logic
michael@377 22 # Reply Request Routing Logic
michael@377 23 # Failure Request Routing Logic
michael@377 24 # Local Request Routing Logic
michael@377 25 # Error Request Routing Logic
michael@376 26 #
michael@377 27 # Logging:
michael@377 28 # L_ALERT (-3) - used if the error requires immediate action.
michael@377 29 # L_CRIT (-2) - used if the error is a critical situation.
michael@377 30 # L_ERR (-1) - used if the error doesn't cause system malfunctioning.
michael@377 31 # L_WARN (1) - used to write warning messages.
michael@377 32 # L_NOTICE (2) - used to report unusual situations.
michael@377 33 # L_INFO (3) - used to write informational messages.
michael@377 34 # L_DBG (4) - used to write messages for debugging.
michael@377 35
michael@377 36
michael@376 37 #
michael@377 38 # Global Configuration Parameters
michael@377 39 #
michael@376 40 # process configuration
michael@377 41 debug=4
michael@376 42 log_stderror=no
michael@376 43 fork=yes
michael@377 44 children=2
michael@377 45 tcp_children=2
michael@376 46 user="@l_rusr@"
michael@376 47 group="@l_rgrp@"
michael@377 48 wdir="@l_prefix@/var/opensips"
michael@376 49
michael@376 50 # network configuration
michael@377 51 listen=udp:voip.realhost.tld:5060
michael@377 52 #listen = tls:voip.realhost.tld:5061
michael@377 53
michael@377 54 # network aliases
michael@377 55 alias=voip.firsthost.tld:5060
michael@377 56 #alias=voip.firsthost.tld:5061
michael@377 57 alias=voip.secondhost.tld:5060
michael@377 58 #alias=voip.secondhost.tld:5061
michael@377 59
michael@377 60 # enable TLS
michael@377 61 #https://confluence.terena.org/display/IPTelCB/3.5.2.+TLS+for+OpenSER+(UA-Proxy)
michael@377 62 #http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html
michael@377 63 #
michael@377 64 #Run 'openserctl tls rootCA' to create @l_prefix@/etc/openser/tls/rootCA/cacert.pem.
michael@377 65 #Run 'openserctl tls userCERT' to create user-calist.pem, user-cert.pem, user-cert_req.pem, and user-privkey.pem in @l_prefix@/etc/openser/tls/user/.
michael@377 66 #Copy @l_prefix@/etc/openser/tls/rootCA/cacert.pem to the client host.
michael@377 67 #On Windows XP client hosts, run 'certmrg.msc' to import the certificate into the root certificate store.
michael@377 68 #
michael@377 69 #disable_tls = 0
michael@377 70 #tls_method = TLSv1
michael@377 71 #tls_verify_server = 1
michael@377 72 #tls_verify_client = 1
michael@377 73 #tls_require_client_certificate = 1
michael@377 74 #tls_ciphers_list = "HIGH:MEDIUM:!ADH" # openssl ciphers -v HIGH:MEDIUM
michael@377 75 #tls_certificate = "@l_prefix@/etc/opensips/tls/user/user-cert.pem"
michael@377 76 #tls_private_key = "@l_prefix@/etc/opensips/tls/user/user-privkey.pem"
michael@377 77 #tls_ca_list = "@l_prefix@/etc/opensips/tls/user/user-calist.pem"
michael@377 78
michael@376 79
michael@376 80 #
michael@377 81 # Extension Module Loading
michael@377 82 # http://www.opensips.org/index.php?n=Resources.DocsModules
michael@376 83 #
michael@377 84 # set module path
michael@377 85 mpath="@l_prefix@/lib/opensips/modules/"
michael@376 86
michael@377 87 loadmodule "sl.so" # Stateless replier
michael@377 88 loadmodule "tm.so" # Transaction stateful
michael@377 89 loadmodule "signaling.so" # Signaling wrapper of sl/tm
michael@377 90 loadmodule "rr.so" # Record Route and Route
michael@377 91 loadmodule "maxfwd.so" # Maximum Forward processor
michael@377 92 loadmodule "db_text.so" # Text backend for database API
michael@377 93 loadmodule "usrloc.so" # User location implementation
michael@377 94 loadmodule "registrar.so" # SIP Registrar implementation
michael@377 95 loadmodule "uri.so" # Generic URI operation
michael@377 96 loadmodule "auth.so" # Authentication Interface
michael@377 97 loadmodule "textops.so" # Text based manipulations
michael@377 98 loadmodule "acc.so" # Accounting
michael@377 99 loadmodule "auth_db.so" # Database backend authentication
michael@377 100 loadmodule "mi_fifo.so" # FIFO support for Management Interface
michael@377 101 #loadmodule "flatstore.so" # Fast writing only text database
michael@377 102 #loadmodule "alias_db.so" # Database aliases
michael@377 103 #loadmodule "domain.so" # Multidomain support
michael@377 104 #loadmodule "nathelper.so" # NAT traversal helper
michael@377 105 #loadmodule "enum.so" # ENUM lookup
michael@376 106
michael@376 107
michael@376 108 #
michael@377 109 # Extension Module Configuration
michael@376 110 #
michael@377 111 # ----- dbtext params -----
michael@377 112 modparam("db_text", "db_mode", 0) # caching for persistence
michael@376 113
michael@377 114 # ----- multimodule params -----
michael@377 115 modparam("usrloc|uri|auth_db", "db_url", "text://@l_prefix@/var/opensips/db")
michael@376 116
michael@377 117 # ----- rr params -----
michael@377 118 modparam("rr", "append_fromtag", 1) # important when using detect_direction
michael@376 119
michael@377 120 # ----- usrloc params -----
michael@377 121 /* see 'multimodule params' as well */
michael@377 122 modparam("usrloc", "db_mode", 2) # Write back database persistence scheme
michael@376 123
michael@377 124 # ----- registrar params -----
michael@377 125 modparam("registrar", "max_contacts", 10) # contacts per AOR allowed
michael@377 126
michael@377 127 # ----- acc params -----
michael@377 128 /* see 'multimodule params' as well */
michael@377 129 modparam("acc", "db_url", "dbtext://@l_prefix@/var/opensips/db")
michael@377 130 #modparam("acc", "db_url", "flatstore:@l_prefix@/var/opensips/acc")
michael@377 131 modparam("acc", "early_media", 1)
michael@377 132 modparam("acc", "report_cancels", 1)
michael@377 133 modparam("acc", "detect_direction", 1)
michael@377 134 modparam("acc", "log_level", 2)
michael@377 135 modparam("acc", "log_flag", 1)
michael@377 136 modparam("acc", "log_missed_flag", 2)
michael@377 137 modparam("acc", "db_flag", 1)
michael@377 138 modparam("acc", "db_missed_flag", 2)
michael@377 139 modparam("acc", "failed_transaction_flag", 4)
michael@377 140
michael@377 141 # ----- mi_fifo params -----
michael@377 142 modparam("mi_fifo", "fifo_name", "@l_prefix@/var/opensips/opensips.fifo")
michael@377 143 modparam("mi_fifo", "reply_dir", "@l_prefix@/var/opensips/tmp/")
michael@377 144
michael@376 145
michael@376 146 #
michael@377 147 # Main Request Routing Logic
michael@376 148 #
michael@377 149 route {
michael@377 150 # message diagnostics
michael@377 151 #log(3, "new branch at $ru\n");
michael@377 152 xlog("L_INFO", "$rm: Orig - $ou\n");
michael@377 153 xlog("L_INFO", "$rm: Req - $ru\n");
michael@377 154 xlog("L_INFO", "$rm: To - $tu\n");
michael@377 155 xlog("L_INFO", "$rm: Dest - $du\n");
michael@377 156 xlog("L_INFO", "$rm: From - $fu\n");
michael@376 157
michael@377 158 # sanity checks
michael@377 159 if (!mf_process_maxfwd_header("10")) { # avoid loops in forward logic
michael@377 160 sl_send_reply("483","Too Many Hops");
michael@376 161 exit;
michael@377 162 }
michael@377 163 if (msg:len > max_len) { # repel DoS attacks
michael@377 164 sl_send_reply("513", "Message Too Large");
michael@376 165 exit;
michael@376 166 };
michael@376 167
michael@377 168 # sequential request within a dialog should
michael@377 169 # take the path determined by record routing
michael@377 170 if (has_totag()) {
michael@377 171 if (loose_route()) {
michael@377 172 if (is_method("BYE")) {
michael@377 173 setflag(1); # do accouting...
michael@377 174 setflag(4); # ...even if the transaction fails
michael@377 175 }
michael@377 176 # mark routing logic in request
michael@377 177 append_hf("P-hint: rr-enforced\r\n");
michael@377 178 route(1);
michael@377 179 } else {
michael@377 180 sl_send_reply("404", "Not Found");
michael@377 181 }
michael@377 182 exit;
michael@377 183 }
michael@376 184
michael@377 185 #
michael@377 186 # initial requests
michael@377 187 #
michael@377 188 if (is_method("CANCEL")) { # CANCEL processing
michael@377 189 if (t_check_trans())
michael@377 190 t_relay();
michael@377 191 exit;
michael@377 192 }
michael@376 193
michael@377 194 t_check_trans();
michael@377 195
michael@377 196 # authenticate if from local subscriber (uncomment to enable auth)
michael@377 197 #if (!is_method("REGISTER") && from_uri == myself) {
michael@377 198 # if (!proxy_authorize("", "subscriber")) {
michael@377 199 # proxy_challenge("", "0");
michael@377 200 # exit;
michael@377 201 # }
michael@377 202 # if (!check_from()) {
michael@377 203 # sl_send_reply("403","Forbidden");
michael@377 204 # exit;
michael@377 205 # }
michael@377 206 #
michael@377 207 # consume_credentials();
michael@377 208 # # caller authenticated
michael@377 209 #}
michael@377 210
michael@377 211 # record route all messages to ensure that subsequent messages
michael@377 212 # will go through our proxy, particularly good if upstream
michael@377 213 # and downstream entities use different transport protocol
michael@377 214 if (!is_method("REGISTER|MESSAGE")) {
michael@376 215 record_route();
michael@377 216 }
michael@376 217
michael@377 218 # account only INVITEs
michael@377 219 if (is_method("INVITE")) {
michael@377 220 setflag(1);
michael@377 221 }
michael@377 222
michael@377 223 if (!uri == myself) {
michael@377 224 /* replace with following line if multidomain support is used */
michael@377 225 #if (!is_uri_host_local()) {
michael@377 226 append_hf("P-hint: outbound\r\n");
michael@377 227 # if you have some interdomain connections via TLS
michael@377 228 #if ($rd == "tls_domain1.net") {
michael@377 229 # t_relay("tls:domain1.net");
michael@377 230 # exit;
michael@377 231 #} else if ($rd == "tls_domain2.net") {
michael@377 232 # t_relay("tls:domain2.net");
michael@377 233 # exit;
michael@377 234 #}
michael@376 235 route(1);
michael@377 236 }
michael@376 237
michael@377 238 #
michael@377 239 # requests for my domain
michael@377 240 #
michael@377 241 if (is_method("PUBLISH")) {
michael@377 242 sl_send_reply("503", "Service Unavailable");
michael@377 243 exit;
michael@377 244 }
michael@376 245
michael@377 246 if (is_method("REGISTER")) {
michael@377 247 # authenticate the REGISTER requests (uncomment to enable auth)
michael@377 248 #if (!www_authorize("", "subscriber")) {
michael@377 249 # www_challenge("", "0");
michael@377 250 # exit;
michael@377 251 #}
michael@377 252 #
michael@377 253 #if (!check_to()) {
michael@377 254 # sl_send_reply("403","Forbidden");
michael@377 255 # exit;
michael@377 256 #}
michael@377 257
michael@377 258 if (!save("location"))
michael@377 259 sl_reply_error();
michael@377 260
michael@377 261 exit;
michael@377 262 }
michael@377 263
michael@377 264 if ($rU == NULL) {
michael@377 265 # request with no Username in RURI
michael@377 266 sl_send_reply("484","Address Incomplete");
michael@377 267 exit;
michael@377 268 }
michael@377 269
michael@377 270 lookup("location");
michael@377 271 switch ($retcode) {
michael@377 272 case 1:
michael@377 273 append_hf("P-hint: usrloc applied\r\n");
michael@377 274 break;
michael@377 275 case -1:
michael@377 276 t_newtran();
michael@377 277 t_reply("404", "Not Found");
michael@376 278 exit;
michael@377 279 case -2:
michael@377 280 sl_send_reply("405", "Method Not Allowed");
michael@377 281 exit;
michael@377 282 case -3:
michael@377 283 t_newtran();
michael@377 284 t_reply("500", "Server Internal Error");
michael@377 285 exit;
michael@377 286 }
michael@376 287
michael@377 288 setflag(2); # when routing via usrloc then
michael@377 289 route(1); # log the missed calls as well
michael@376 290 }
michael@376 291
michael@377 292
michael@377 293 #
michael@377 294 # Secondary Request Routing Logic
michael@377 295 #
michael@376 296 route[1] {
michael@377 297 # for INVITEs enable some additional helper routes
michael@377 298 if (is_method("INVITE")) {
michael@377 299 t_on_branch("1");
michael@377 300 t_on_reply("1");
michael@377 301 t_on_failure("1");
michael@377 302 }
michael@377 303
michael@377 304 # send with stateful forwarding which works reliably even for UDP2TCP
michael@377 305 if (!t_relay())
michael@376 306 sl_reply_error();
michael@377 307
michael@377 308 exit; # safeguard
michael@376 309 }
michael@376 310
michael@376 311
michael@377 312 #
michael@377 313 # Branch Request Routing Logic
michael@377 314 #
michael@377 315 branch_route[1] {
michael@377 316 xlog("L_INFO", "new branch at $ru\n");
michael@377 317 }
michael@377 318
michael@377 319
michael@377 320 #
michael@377 321 # Reply Request Routing Logic
michael@377 322 #
michael@377 323 onreply_route[1] {
michael@377 324 xlog("L_INFO", "incoming reply at $ru\n");
michael@377 325 # if ($ua =~ fritz.box)
michael@377 326 # xlog("L_ERR", "$rm: The Fritzbox replied!\n");
michael@377 327 # if ($ua =~ fritz.box && has_body("application/sdp"))
michael@377 328 # search_append_body("a=sendrecv.*", "\na=ptime:30");
michael@377 329 }
michael@377 330
michael@377 331
michael@377 332 #
michael@377 333 # Failure Request Routing Logic
michael@377 334 #
michael@377 335 failure_route[1] {
michael@377 336 xlog("L_INFO", "failed route at $ru\n");
michael@377 337 if (t_was_cancelled())
michael@377 338 exit;
michael@377 339
michael@377 340 # uncomment the following lines to block
michael@377 341 # client redirect based on 3xx replies
michael@377 342 #if (t_check_status("3[0-9][0-9]")) {
michael@377 343 #t_reply("404","Not Found");
michael@377 344 # exit;
michael@377 345 #}
michael@377 346
michael@377 347 # uncomment the following lines to redirect
michael@377 348 # failed calls to a different new destination
michael@377 349 #if (t_check_status("486|408")) {
michael@377 350 # sethostport("192.168.2.100:5060");
michael@377 351 # append_branch();
michael@377 352 # # do not set the missed call flag again
michael@377 353 # t_relay();
michael@377 354 #}
michael@377 355 }
michael@377 356
michael@377 357
michael@377 358 #
michael@377 359 # Local Request Routing Logic
michael@377 360 #
michael@377 361 local_route {
michael@377 362 if (is_method("INVITE") && $ru=~"@foreign.tld") {
michael@377 363 append_hf("P-hint: foreign request\r\n");
michael@377 364 exit;
michael@377 365 }
michael@377 366 if (is_method("BYE"))
michael@377 367 xlog("L_INFO", "internally generated BYE\n");
michael@377 368 }
michael@377 369
michael@377 370
michael@377 371 #
michael@377 372 # Error Request Routing Logic
michael@377 373 #
michael@377 374 error_route {
michael@377 375 xlog("L_ERR", "error route class=$(err.class) level=$(err.level) info=$(err.info) rcode=$(err.rcode) rreason=$(err.rreason)\n");
michael@377 376 xlog("L_ERR", "error from [$si:$sp]\n");
michael@377 377 xlog("L_ERR", "++++\n$mb\n++++\n");
michael@377 378 sl_send_reply("$err.rcode", "$err.rreason");
michael@377 379 exit;
michael@377 380 }
michael@377 381

Mercurial Repository: OpenPKG Specs

Europalab SCM Repository Server

mercurial