mirror of https://github.com/sipwise/kamailio.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
142 lines
4.6 KiB
142 lines
4.6 KiB
#
|
|
# $Id$
|
|
#
|
|
# iptel.org real world configuration
|
|
#
|
|
|
|
# ----------- global configuration parameters ------------------------
|
|
|
|
debug=4 # debug level (cmd line: -dddddddddd)
|
|
fork=no
|
|
#log_stderror=no # (cmd line: -E)
|
|
log_stderror=yes # (cmd line: -E)
|
|
#check_via=yes # (cmd. line: -v)
|
|
#check_via=0
|
|
dns=on # (cmd. line: -r)
|
|
rev_dns=yes # (cmd. line: -R)
|
|
port=5069
|
|
#port=8060
|
|
children=1
|
|
|
|
# advertise IP address in Via (as opposed to advertising DNS name
|
|
# which is annoying for downstream servers and some phones can
|
|
# not handle DNS at all)
|
|
listen=195.37.77.100
|
|
#listen=bat.iptel.org
|
|
|
|
# ------------------ module loading ----------------------------------
|
|
|
|
loadmodule "../sip_router/modules/sl/sl.so"
|
|
loadmodule "../sip_router/modules/print/print.so"
|
|
#loadmodule "../sip_router/modules/tm/tm.so"
|
|
loadmodule "../sip_router/modules/acc/acc.so"
|
|
loadmodule "../sip_router/modules/rr/rr.so"
|
|
loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
|
|
loadmodule "../sip_router/modules/mysql/mysql.so"
|
|
loadmodule "../sip_router/modules/usrloc/usrloc.so"
|
|
loadmodule "../sip_router/modules/auth/auth.so"
|
|
loadmodule "../sip_router/modules/cpl/cpl.so"
|
|
|
|
# ----------------- setting module-specific parameters ---------------
|
|
|
|
# -- usrloc params --
|
|
|
|
modparam("usrloc", "use_database", 1)
|
|
modparam("usrloc", "table", "location")
|
|
modparam("usrloc", "user_column", "user")
|
|
modparam("usrloc", "contact_column", "contact")
|
|
modparam("usrloc", "expires_column", "expires")
|
|
modparam("usrloc", "q_column", "q")
|
|
modparam("usrloc", "callid_column", "callid")
|
|
modparam("usrloc", "cseq_column", "cseq")
|
|
modparam("usrloc", "flush_interval", 60)
|
|
modparam("usrloc", "db_url", "sql://root:@localhost/ser")
|
|
|
|
# -- auth params --
|
|
|
|
modparam("auth", "db_url", "sql://root:@localhost/ser")
|
|
modparam("auth", "user_column", "user")
|
|
# nonce generation secret; particularly useful if multiple servers
|
|
# in a proxy farm are configured to authenticate
|
|
modparam("auth", "secret", "439tg8h349g8hq349t9384hg")
|
|
# calculate_ha1=false means password column includes ha1 strings;
|
|
# if it was false, plain-text passwords would be assumed
|
|
|
|
# the database credentials in hashed form
|
|
modparam("auth", "calculate_ha1", false)
|
|
modparam("auth", "password_column", "ha1")
|
|
# password_column, realm_column, group_table, group_user_column,
|
|
# group_group_column are set to their default values
|
|
# password_column_2 allows to deal with clients who put domain name
|
|
# in authentication credentials when calculate_ha1=false (if true,
|
|
# it works); if set to a value and USER_DOMAIN_HACK was enabled
|
|
# in defs.h, authentication will still work
|
|
modparam("auth", "password_column_2", "ha1b")
|
|
|
|
# the database in plain-text alternative:
|
|
#modparam("auth", "calculate_ha1", true )
|
|
#modparam("auth", "password_column", "password")
|
|
|
|
modparam("auth", "nonce_expire", 300)
|
|
modparam("auth", "retry_count", 3)
|
|
|
|
# -- acc params --
|
|
# report ACKs too for sake of completeness -- as we account PSTN
|
|
# destinations which are RR, ACKs should show up
|
|
modparam("acc", "report_ack", 1)
|
|
# don't bother me with early media reports (I don't like 183
|
|
# too much anyway...ever thought of timer C hitting after
|
|
# listening to music-on-hold for five minutes?)
|
|
modparam("acc", "early_media", 0)
|
|
modparam("acc", "log_level", 1)
|
|
# that is the flag for which we will account -- don't forget to
|
|
# set the same one :-)
|
|
modparam("acc", "acc_flag", 1 )
|
|
# we are interested only in succesful transactions
|
|
modparam("acc", "failed_transactions", 0 )
|
|
|
|
# -- tm params --
|
|
modparam("tm", "fr_timer", 30 )
|
|
modparam("tm", "fr_inv_timer", 60 )
|
|
|
|
# ------------------------- request routing logic -------------------
|
|
|
|
# main routing logic
|
|
|
|
route{
|
|
|
|
# filter local stateless ACK generated by authentication of mf replies
|
|
sl_filter_ACK();
|
|
|
|
# filter too old messages
|
|
log("LOG: Checking maxfwd\n");
|
|
if (!mf_process_maxfwd_header("10")) {
|
|
log("LOG: Too many hops\n");
|
|
sl_send_reply("483","Too Many Hops");
|
|
break;
|
|
};
|
|
|
|
if (method=="REGISTER") {
|
|
log("LOG Request is REGISTER\n");
|
|
if (!www_authorize( "bat.iptel.org" /* realm */,
|
|
"subscriber" /* table name */ )) {
|
|
log("LOG: REGISTER has no credentials, sending challenge\n");
|
|
www_challenge( "bat.iptel.org" /* realm */,
|
|
"0" /* no qop -- M$ can't deal with it */);
|
|
break;
|
|
};
|
|
# prohibit attempts to grab someone else's To address
|
|
# using valid credentials
|
|
if (!is_user("replicator")) {
|
|
log("LOG: To Cheating attempt\n");
|
|
sl_send_reply("403", "That is ugly -- use To=id next time");
|
|
break;
|
|
};
|
|
|
|
# update Contact database
|
|
log("LOG: REGISTER is authorized, saving location\n");
|
|
save_contact("location");
|
|
break;
|
|
};
|
|
}
|