From 0bb91ef23ba652fb107524f58ccf72b78ecab165 Mon Sep 17 00:00:00 2001 From: lazedo Date: Fri, 15 Feb 2019 15:10:47 +0000 Subject: [PATCH] more nat related changes --- kamailio/authorization-role.cfg | 23 ++++++++++++++++ kamailio/default.cfg | 3 +++ kamailio/nat-traversal-role.cfg | 6 +++-- kamailio/presence-notify.cfg | 6 ++--- kamailio/presence-role.cfg | 6 ++--- kamailio/registrar-role.cfg | 48 +++++++++++++-------------------- 6 files changed, 55 insertions(+), 37 deletions(-) create mode 100644 kamailio/authorization-role.cfg diff --git a/kamailio/authorization-role.cfg b/kamailio/authorization-role.cfg new file mode 100644 index 0000000..5b55be2 --- /dev/null +++ b/kamailio/authorization-role.cfg @@ -0,0 +1,23 @@ +## to be enhanced + +route[AUTHORIZATION_CHECK] +{ + if (!is_method("MESSAGE|NOTIFY|SUBSCRIBE|PUBLISH")) + return; + + if(has_totag()) + return; + + if (isflagset(FLAG_INTERNALLY_SOURCED)) + return; + + if (isflagset(FLAG_TRUSTED_SOURCE)) + return; + + $xavp(regcfg=>match_received) = $su; + if(!(registered("location", "$fu", 2, 1) == 1 && $(xavp(ulattrs=>custom_channel_vars){s.len}) > 1)) { + xlog("L_INFO", "$ci|log|not authorized $fu from $si:$sp\n"); + send_reply("503", "Not Registered"); + exit; + } +} diff --git a/kamailio/default.cfg b/kamailio/default.cfg index 8998359..09fe902 100644 --- a/kamailio/default.cfg +++ b/kamailio/default.cfg @@ -244,6 +244,9 @@ modparam("kazoo", "amqp_connection", "MY_AMQP_DENARY_URL") include_file "kazoo-bindings.cfg" ####### Role Configurations ########## +#!ifdef AUTHORIZATION_ROLE +include_file "authorization-role.cfg" +#!endif #!ifdef DISPATCHER_ROLE include_file "dispatcher-role.cfg" #!endif diff --git a/kamailio/nat-traversal-role.cfg b/kamailio/nat-traversal-role.cfg index 3236e6c..879721b 100644 --- a/kamailio/nat-traversal-role.cfg +++ b/kamailio/nat-traversal-role.cfg 
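Review bot: The `if(has_totag()) return;` shortcut in route[AUTHORIZATION_CHECK] skips the registration check for any MESSAGE, NOTIFY, SUBSCRIBE or PUBLISH that carries a To tag, and that tag is chosen by the sender. This is safe only if the in-dialog path elsewhere rejects requests that do not belong to a known dialog or route set; that handling is not in this file and should be confirmed. The header `## to be enhanced` does not say what the route enforces. A comment such as `## rejects out-of-dialog MESSAGE/NOTIFY/SUBSCRIBE/PUBLISH unless registered() finds a location entry for $fu matching source $su` would record the contract, along with the dependency on FLAG_INTERNALLY_SOURCED and FLAG_TRUSTED_SOURCE being set before this route runs.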
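Review bot: The include of authorization-role.cfg in default.cfg is wrapped in `#!ifdef AUTHORIZATION_ROLE`, while the same commit deletes route[AUTHORIZATION_CHECK] from registrar-role.cfg, so a deployment that does not define AUTHORIZATION_ROLE no longer has the route at all. The callers of `route(AUTHORIZATION_CHECK)` are outside this diff; unless they fail closed, the registration check on MESSAGE/NOTIFY/SUBSCRIBE/PUBLISH may silently stop applying after an upgrade. Either define the role by default next to the other role defines, or add a comment above the include, for example `## AUTHORIZATION_ROLE must be defined wherever AUTHORIZATION_CHECK was previously provided by registrar-role.cfg`.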
@@ -4,7 +4,7 @@ loadmodule "nathelper.so" #!trydef NATHELPER_LOADED #!endif modparam("nathelper", "received_avp", "$avp(AVP_RECV_PARAM)") -modparam("nathelper", "sipping_from", "sip:sipcheck@MY_HOSTNAME") +modparam("nathelper", "sipping_from", "sip:registrar-check@MY_HOSTNAME") #!ifdef WEBSOCKETS_ROLE #!trydef KZ_NAT_DETECT 83 @@ -69,12 +69,14 @@ route[NAT_DETECT] } if (isflagset(FLAG_SKIP_NAT_CORRECTION)) { - return(); + xlog("L_DEBUG", "$ci|log|skipping nat detection\n"); + return; } force_rport(); if(nat_uac_test(KZ_NAT_DETECT)) { + xlog("L_DEBUG", "$ci|log|detected nat request\n"); setflag(FLT_NATS); if (!is_method("REGISTER")) { if(is_first_hop()) set_contact_alias(); diff --git a/kamailio/presence-notify.cfg b/kamailio/presence-notify.cfg index d196a60..7d480d0 100644 --- a/kamailio/presence-notify.cfg +++ b/kamailio/presence-notify.cfg 
@@ -72,15 +72,15 @@ event_route[presence:notify-reply] } else { if($rP != "UDP") { $xavp(pres=>delete_subscription) = 1; - xlog("L_ERROR", "$ci|error|removing $rP watcher $subs(watcher_username)@$subs(watcher_domain) for $subs(pres_uri)\n"); + xlog("L_ERROR", "$ci|error|removing $rP watcher $subs(watcher_username)@$subs(watcher_domain) for $subs(pres_uri) with reason $subs(reason) and reply $notify_reply($rs)\n"); } else { $var(shtinc) = $shtinc(notify=>$ci::count); if($var(shtinc) > MAX_NOTIFY_ERROR) { $xavp(pres=>delete_subscription) = 1; - xlog("L_ERROR", "$ci|error|removing $rP watcher $subs(watcher_username)@$subs(watcher_domain) for $subs(pres_uri)\n"); + xlog("L_ERROR", "$ci|error|removing $rP watcher $subs(watcher_username)@$subs(watcher_domain) for $subs(pres_uri) with reason $subs(reason) and reply $notify_reply($rs)\n"); } else { $var(max_notify) = MAX_NOTIFY_ERROR; - xlog("L_WARN", "$ci|error|received $notify_reply($rs) ($var(shtinc)/$var(max_notify)) when notifying $subs(watcher_username)@$subs(watcher_domain) on behalf of $subs(pres_uri)\n"); + xlog("L_WARN", "$ci|error|received $notify_reply($rs) ($var(shtinc)/$var(max_notify)) when notifying $subs(watcher_username)@$subs(watcher_domain) on behalf of $subs(pres_uri) with reason $subs(reason) and reply $notify_reply($rs)\n"); } } } diff --git a/kamailio/presence-role.cfg b/kamailio/presence-role.cfg index 2481d3f..6081711 100644 --- a/kamailio/presence-role.cfg +++ b/kamailio/presence-role.cfg 
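Review bot: The rewritten `L_WARN` line now prints `$notify_reply($rs)` twice, once in the existing `received $notify_reply($rs) (...)` prefix and again in the appended `and reply $notify_reply($rs)`; the suffix on that line should be just ` with reason $subs(reason)\n`. The two `L_ERROR` lines are byte-identical after the change, so the branch that fired (non-UDP versus error count above MAX_NOTIFY_ERROR) cannot be told apart in the log; adding the counter to the second one, e.g. `($var(shtinc)/MAX_NOTIFY_ERROR)`, would fix that. The appended fields come from subscription and reply data and are written unescaped into a `|`-delimited line, which any log parser keyed on that delimiter should tolerate. The enclosing event_route[presence:notify-reply] starts and ends outside this hunk.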
@@ -65,9 +65,9 @@ modparam("kazoo", "pua_mode", 1) loadmodule "nat_traversal.so" #!endif modparam("nat_traversal", "keepalive_method", "OPTIONS") -modparam("nat_traversal", "keepalive_from", "sip:sipcheck@MY_HOSTNAME") +modparam("nat_traversal", "keepalive_from", "sip:presence-check@MY_HOSTNAME") modparam("nat_traversal", "keepalive_state_file", "KAZOO_DATA_DIR/keep_alive_state") -modparam("nat_traversal", "keepalive_interval", 45) +modparam("nat_traversal", "keepalive_interval", 30) #!endif kazoo.presence_sync_amqp = KZ_PRESENCE_AMQP_PUBLISH descr "sync subscriptions to amqp" @@ -87,7 +87,7 @@ kazoo.presence_no_targets_log_level = KZ_PRESENCE_NO_TARGETS_LOG_LEVEL descr "wh #!ifdef NAT_TRAVERSAL_ROLE route[PRESENCE_NAT] { - if (isflagset(FLT_NATS)) { + if (isflagset(FLT_NATS) && proto==UDP) { nat_keepalive(); } } diff --git a/kamailio/registrar-role.cfg b/kamailio/registrar-role.cfg index 2c1eb69..355aa39 100644 --- a/kamailio/registrar-role.cfg +++ b/kamailio/registrar-role.cfg @@ -1,6 +1,13 @@ +#### NAT PINGING PARAMS ### +## NEXT 2 SHOULD GO TOGETHER +## REGISTRAR_NAT_PING_TIMEOUT should be (REGISTRAR_NAT_PING_INTERVAL + 10) or 0 to disable #!trydef REGISTRAR_NAT_PING_INTERVAL 30 -#!trydef REGISTRAR_NAT_PING_NAT_ONLY 0 +#!trydef REGISTRAR_NAT_PING_TIMEOUT 40 + +#!trydef REGISTRAR_NAT_PING_NAT_ONLY 1 #!trydef REGISTRAR_NAT_PING_WORKERS 5 +##### + #!trydef REGISTRAR_MIN_EXPIRES 300 #!trydef REGISTRAR_MAX_EXPIRES 3600 #!trydef REGISTRAR_DEFAULT_EXPIRES 600 @@ -58,6 +65,7 @@ modparam("nathelper", "natping_interval", REGISTRAR_NAT_PING_INTERVAL) modparam("nathelper", "ping_nated_only", REGISTRAR_NAT_PING_NAT_ONLY) modparam("nathelper", "natping_processes", REGISTRAR_NAT_PING_WORKERS) modparam("nathelper", "sipping_bflag", FLB_NATSIPPING) +modparam("nathelper", "keepalive_timeout", REGISTRAR_NAT_PING_TIMEOUT) #!endif ####### SIP Registrar implementation module ########## 
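Review bot: In the first registrar-role.cfg hunk, `#!trydef REGISTRAR_NAT_PING_TIMEOUT 40` sits only ten seconds above the 30-second ping interval, so a contact that misses a single keepalive reply can be removed from the location table; the nathelper documentation asks for keepalive_timeout to be a few times natping_interval. The rule in the new comment (interval + 10) is also not enforced, so overriding only REGISTRAR_NAT_PING_INTERVAL leaves the timeout at 40 and can put it below the interval. The value takes effect through `modparam("nathelper", "keepalive_timeout", REGISTRAR_NAT_PING_TIMEOUT)` in the next hunk, and a contact dropped this way would presumably fail the `registered()` test in AUTHORIZATION_CHECK until the device re-registers. Consider a larger default such as `#!trydef REGISTRAR_NAT_PING_TIMEOUT 90`, or state in the comment that one lost reply is meant to unregister the device.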
@@ -93,13 +101,11 @@ kazoo.registrar_check_amqp_availability = REGISTRAR_CHECK_AMQP_AVAILABILITY desc ####### Registrar Logic ######## -route[HANDLE_REGISTER] -{ - if (!is_method("REGISTER")) { - return; - } +route[REGISTRAR_NAT] +{ if (isflagset(FLT_NATS)) { + xlog("L_INFO", "$ci|log|fixing contact for nat request\n"); setbflag(FLB_NATB); fix_nated_register(); @@ -107,41 +113,23 @@ route[HANDLE_REGISTER] if (!($ua =~ "Linksys/SPA8000" || $ua =~ "SIPp" || (af==INET6) + || (proto!=UDP) + || ($(xavp(ulattrs=>custom_channel_vars){kz.json,Keep-Alive}) == "false") )) { + xlog("L_INFO", "$ci|log|set nat pinging\n"); setbflag(FLB_NATSIPPING); } } else { $avp(AVP_RECV_PARAM) = $su; } - - route(ATTEMPT_AUTHORIZATION); - } -route[AUTHORIZATION_CHECK] +route[HANDLE_REGISTER] { - if (!is_method("MESSAGE|NOTIFY|SUBSCRIBE|PUBLISH")) - return; - - if(has_totag()) - return; - - if (isflagset(FLAG_INTERNALLY_SOURCED)) - return; - - if (isflagset(FLAG_TRUSTED_SOURCE)) + if (!is_method("REGISTER")) { return; - - $xavp(regcfg=>match_received) = $su; - if(!(registered("location", "$fu", 2, 1) == 1 && $(xavp(ulattrs=>custom_channel_vars){s.len}) > 1)) { - xlog("L_INFO", "$ci|log|not authorized $fu from $si:$sp\n"); - send_reply("503", "Not Registered"); - exit; } -} -route[ATTEMPT_AUTHORIZATION] -{ #!ifdef PUSHER_ROLE route(PUSHER_ATTEMPT_REGISTRATION); #!endif @@ -270,6 +258,8 @@ route[SAVE_LOCATION] }; $sht(auth_cache=>$Au) = $var(password); + route(REGISTRAR_NAT); + $var(save_result) = save("location", "0x04"); if($var(save_result) < 0) { exit;
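Review bot: route[REGISTRAR_NAT] no longer has the `is_method("REGISTER")` guard that the old HANDLE_REGISTER header gave this code, yet it still calls `fix_nated_register()` and sets FLB_NATB and FLB_NATSIPPING. Its only caller visible in this diff is the `route(REGISTRAR_NAT);` added to route[SAVE_LOCATION] in the last hunk of this file, so a header comment should pin that down, for example `## call only from SAVE_LOCATION, after authentication, for REGISTER requests`. The new `xlog("L_INFO", ...)` lines run on every NATed registration; `L_DEBUG`, as used for the new messages in nat-traversal-role.cfg in this commit, would be consistent. The route body continues into the following hunk.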
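Review bot: The label route[ATTEMPT_AUTHORIZATION] is removed in the second hunk and its body folded into route[HANDLE_REGISTER], so any `route(ATTEMPT_AUTHORIZATION)` call in a file this commit does not touch would no longer reach that logic; the other role files should be checked for such callers before merging. In the same hunk, the new opt-out `$(xavp(ulattrs=>custom_channel_vars){kz.json,Keep-Alive}) == "false"` matches only the exact lowercase string and reads an xavp whose population point is not visible here. A one-line comment naming where `ulattrs` is filled before SAVE_LOCATION runs, and that an absent value leaves pinging enabled, would make the condition reviewable.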