
more nat related changes

update-rsyslog-config
lazedo 7 years ago
parent
commit
0bb91ef23b
6 changed files with 55 additions and 37 deletions
  1. +23
    -0
      kamailio/authorization-role.cfg
  2. +3
    -0
      kamailio/default.cfg
  3. +4
    -2
      kamailio/nat-traversal-role.cfg
  4. +3
    -3
      kamailio/presence-notify.cfg
  5. +3
    -3
      kamailio/presence-role.cfg
  6. +19
    -29
      kamailio/registrar-role.cfg

+ 23
- 0
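--- a/kamailio/authorization-role.cfg
+++ b/kamailio/authorization-role.cfg
@@ -0,0 +1,23 @@
+## to be enhanced
+route[AUTHORIZATION_CHECK]
+{
+if (!is_method("MESSAGE|NOTIFY|SUBSCRIBE|PUBLISH"))
+return;
+if(has_totag())
+return;
+if (isflagset(FLAG_INTERNALLY_SOURCED))
+return;
+if (isflagset(FLAG_TRUSTED_SOURCE))
+return;
+$xavp(regcfg=>match_received) = $su;
+if(!(registered("location", "$fu", 2, 1) == 1 && $(xavp(ulattrs=>custom_channel_vars){s.len}) > 1)) {
+xlog("L_INFO", "$ci|log|not authorized $fu from $si:$sp\n");
+send_reply("503", "Not Registered");
+exit;
+}
+}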
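Review bot: The `if(has_totag()) return;` early return in AUTHORIZATION_CHECK lets any MESSAGE, NOTIFY, SUBSCRIBE or PUBLISH that merely carries a To tag skip the `registered()` test, and the To tag is a sender-controlled header value. Whether in-dialog requests are validated before this route runs is not visible in this commit; if they are not, the exemption should depend on a matched dialog or subscription rather than on the tag being present. The remaining test appears to be a source-socket match (`$xavp(regcfg=>match_received) = $su`) against the unauthenticated From URI, not a credential check. The `## to be enhanced` header would be better replaced by a comment that says so, e.g. `## source-address match against the location table only; no digest authentication happens in this route`.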

+ 3
- 0
kamailio/default.cfg View File

@ -244,6 +244,9 @@ modparam("kazoo", "amqp_connection", "MY_AMQP_DENARY_URL")
include_file "kazoo-bindings.cfg"
####### Role Configurations ##########
#!ifdef AUTHORIZATION_ROLE
include_file "authorization-role.cfg"
#!endif
#!ifdef DISPATCHER_ROLE
include_file "dispatcher-role.cfg"
#!endif
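Review bot: With the include wrapped in `#!ifdef AUTHORIZATION_ROLE`, route[AUTHORIZATION_CHECK] is compiled in only when that define is set, while the same route appears to be removed from registrar-role.cfg in this commit. Nothing visible here sets the define or guards the `route(AUTHORIZATION_CHECK)` call sites. A deployment that includes registrar-role.cfg without the new define could therefore stop applying the registration check to MESSAGE, NOTIFY, SUBSCRIBE and PUBLISH; how the callers behave when the route is absent is not shown. A comment at the include would make the dependency explicit, e.g. `# AUTHORIZATION_ROLE now owns route[AUTHORIZATION_CHECK] (moved out of registrar-role.cfg); define it wherever that check is expected`.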


+ 4
- 2
kamailio/nat-traversal-role.cfg View File

@ -4,7 +4,7 @@ loadmodule "nathelper.so"
#!trydef NATHELPER_LOADED
#!endif
modparam("nathelper", "received_avp", "$avp(AVP_RECV_PARAM)")
modparam("nathelper", "sipping_from", "sip:sipcheck@MY_HOSTNAME")
modparam("nathelper", "sipping_from", "sip:registrar-check@MY_HOSTNAME")
#!ifdef WEBSOCKETS_ROLE
#!trydef KZ_NAT_DETECT 83
@ -69,12 +69,14 @@ route[NAT_DETECT]
}
if (isflagset(FLAG_SKIP_NAT_CORRECTION)) {
return();
xlog("L_DEBUG", "$ci|log|skipping nat detection\n");
return;
}
force_rport();
if(nat_uac_test(KZ_NAT_DETECT)) {
xlog("L_DEBUG", "$ci|log|detected nat request\n");
setflag(FLT_NATS);
if (!is_method("REGISTER")) {
if(is_first_hop()) set_contact_alias();


+ 3
- 3
kamailio/presence-notify.cfg View File

@ -72,15 +72,15 @@ event_route[presence:notify-reply]
} else {
if($rP != "UDP") {
$xavp(pres=>delete_subscription) = 1;
xlog("L_ERROR", "$ci|error|removing $rP watcher $subs(watcher_username)@$subs(watcher_domain) for $subs(pres_uri)\n");
xlog("L_ERROR", "$ci|error|removing $rP watcher $subs(watcher_username)@$subs(watcher_domain) for $subs(pres_uri) with reason $subs(reason) and reply $notify_reply($rs)\n");
} else {
$var(shtinc) = $shtinc(notify=>$ci::count);
if($var(shtinc) > MAX_NOTIFY_ERROR) {
$xavp(pres=>delete_subscription) = 1;
xlog("L_ERROR", "$ci|error|removing $rP watcher $subs(watcher_username)@$subs(watcher_domain) for $subs(pres_uri)\n");
xlog("L_ERROR", "$ci|error|removing $rP watcher $subs(watcher_username)@$subs(watcher_domain) for $subs(pres_uri) with reason $subs(reason) and reply $notify_reply($rs)\n");
} else {
$var(max_notify) = MAX_NOTIFY_ERROR;
xlog("L_WARN", "$ci|error|received $notify_reply($rs) ($var(shtinc)/$var(max_notify)) when notifying $subs(watcher_username)@$subs(watcher_domain) on behalf of $subs(pres_uri)\n");
xlog("L_WARN", "$ci|error|received $notify_reply($rs) ($var(shtinc)/$var(max_notify)) when notifying $subs(watcher_username)@$subs(watcher_domain) on behalf of $subs(pres_uri) with reason $subs(reason) and reply $notify_reply($rs)\n");
}
}
}
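Review bot: In the L_WARN message the reply code is printed twice, once as `received $notify_reply($rs)` at the start and again in the appended `and reply $notify_reply($rs)`; the suffix on that line can stop at `with reason $subs(reason)`. The longer variants are taken to be the new side, since the page prints both versions without markers. The enclosing event_route starts above the hunk.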


+ 3
- 3
kamailio/presence-role.cfg View File

@ -65,9 +65,9 @@ modparam("kazoo", "pua_mode", 1)
loadmodule "nat_traversal.so"
#!endif
modparam("nat_traversal", "keepalive_method", "OPTIONS")
modparam("nat_traversal", "keepalive_from", "sip:sipcheck@MY_HOSTNAME")
modparam("nat_traversal", "keepalive_from", "sip:presence-check@MY_HOSTNAME")
modparam("nat_traversal", "keepalive_state_file", "KAZOO_DATA_DIR/keep_alive_state")
modparam("nat_traversal", "keepalive_interval", 45)
modparam("nat_traversal", "keepalive_interval", 30)
#!endif
kazoo.presence_sync_amqp = KZ_PRESENCE_AMQP_PUBLISH descr "sync subscriptions to amqp"
@ -87,7 +87,7 @@ kazoo.presence_no_targets_log_level = KZ_PRESENCE_NO_TARGETS_LOG_LEVEL descr "wh
#!ifdef NAT_TRAVERSAL_ROLE
route[PRESENCE_NAT]
{
if (isflagset(FLT_NATS)) {
if (isflagset(FLT_NATS) && proto==UDP) {
nat_keepalive();
}
}
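Review bot: The `proto==UDP` condition added to PRESENCE_NAT has no comment explaining why NATed watchers on other transports are left without `nat_keepalive()`. registrar-role.cfg excludes `(proto!=UDP)` from pinging in the same way, so the rule is presumably deliberate, but the reason is stated in neither place. A one-line comment above the condition would do, e.g. `# keepalive is sent to UDP watchers only; other transports are assumed to hold their own connection open - confirm`.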


+ 19
- 29
kamailio/registrar-role.cfg View File

@ -1,6 +1,13 @@
#### NAT PINGING PARAMS ###
## NEXT 2 SHOULD GO TOGETHER
## REGISTRAR_NAT_PING_TIMEOUT should be (REGISTRAR_NAT_PING_INTERVAL + 10) or 0 to disable
#!trydef REGISTRAR_NAT_PING_INTERVAL 30
#!trydef REGISTRAR_NAT_PING_NAT_ONLY 0
#!trydef REGISTRAR_NAT_PING_TIMEOUT 40
#!trydef REGISTRAR_NAT_PING_NAT_ONLY 1
#!trydef REGISTRAR_NAT_PING_WORKERS 5
#####
#!trydef REGISTRAR_MIN_EXPIRES 300
#!trydef REGISTRAR_MAX_EXPIRES 3600
#!trydef REGISTRAR_DEFAULT_EXPIRES 600
@ -58,6 +65,7 @@ modparam("nathelper", "natping_interval", REGISTRAR_NAT_PING_INTERVAL)
modparam("nathelper", "ping_nated_only", REGISTRAR_NAT_PING_NAT_ONLY)
modparam("nathelper", "natping_processes", REGISTRAR_NAT_PING_WORKERS)
modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
modparam("nathelper", "keepalive_timeout", REGISTRAR_NAT_PING_TIMEOUT)
#!endif
####### SIP Registrar implementation module ##########
@ -93,13 +101,11 @@ kazoo.registrar_check_amqp_availability = REGISTRAR_CHECK_AMQP_AVAILABILITY desc
####### Registrar Logic ########
route[HANDLE_REGISTER]
{
if (!is_method("REGISTER")) {
return;
}
route[REGISTRAR_NAT]
{
if (isflagset(FLT_NATS)) {
xlog("L_INFO", "$ci|log|fixing contact for nat request\n");
setbflag(FLB_NATB);
fix_nated_register();
@ -107,41 +113,23 @@ route[HANDLE_REGISTER]
if (!($ua =~ "Linksys/SPA8000"
|| $ua =~ "SIPp"
|| (af==INET6)
|| (proto!=UDP)
|| ($(xavp(ulattrs=>custom_channel_vars){kz.json,Keep-Alive}) == "false")
)) {
xlog("L_INFO", "$ci|log|set nat pinging\n");
setbflag(FLB_NATSIPPING);
}
} else {
$avp(AVP_RECV_PARAM) = $su;
}
route(ATTEMPT_AUTHORIZATION);
}
route[AUTHORIZATION_CHECK]
route[HANDLE_REGISTER]
{
if (!is_method("MESSAGE|NOTIFY|SUBSCRIBE|PUBLISH"))
return;
if(has_totag())
return;
if (isflagset(FLAG_INTERNALLY_SOURCED))
return;
if (isflagset(FLAG_TRUSTED_SOURCE))
if (!is_method("REGISTER")) {
return;
$xavp(regcfg=>match_received) = $su;
if(!(registered("location", "$fu", 2, 1) == 1 && $(xavp(ulattrs=>custom_channel_vars){s.len}) > 1)) {
xlog("L_INFO", "$ci|log|not authorized $fu from $si:$sp\n");
send_reply("503", "Not Registered");
exit;
}
}
route[ATTEMPT_AUTHORIZATION]
{
#!ifdef PUSHER_ROLE
route(PUSHER_ATTEMPT_REGISTRATION);
#!endif
@ -270,6 +258,8 @@ route[SAVE_LOCATION]
};
$sht(auth_cache=>$Au) = $var(password);
route(REGISTRAR_NAT);
$var(save_result) = save("location", "0x04");
if($var(save_result) < 0) {
exit;
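Review bot: route[REGISTRAR_NAT] has no header comment saying that it must run before `save("location", "0x04")`, which is what the new `route(REGISTRAR_NAT);` call in SAVE_LOCATION relies on. The route sets `FLB_NATB` and `FLB_NATSIPPING`, calls `fix_nated_register()` and assigns `$avp(AVP_RECV_PARAM)`, all of which presumably have to be in place when the contact is stored. A comment above the route would record that, e.g. `## call immediately before save(): sets the branch flags and received AVP stored with the contact`. SAVE_LOCATION's body continues outside the hunk, so anything between the call and `save()` in the full file is not visible here.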

