
updates to ensure the ACL is checked in

3.12
Karl Anderson 15 years ago
parent
commit
83b53a890d
2 changed files with 99 additions and 81 deletions
  1. +10
    -10
      autoload_configs/acl.conf.xml
  2. +89
    -71
      opensips/opensips.cfg

+ 10
- 10
autoload_configs/acl.conf.xml View File

@ -1,16 +1,16 @@
<configuration name="acl.conf" description="Network Lists"> <configuration name="acl.conf" description="Network Lists">
<network-lists> <network-lists>
<list name="trusted" default="deny"> <list name="trusted" default="deny">
<node type="allow" cidr="173.203.215.241/32"/> <!--proxy2.switchfreedom.com-->
<node type="allow" cidr="72.249.14.242/32"/> <!--gw01-car.dal.us.icall.net-->
<node type="allow" cidr="8.19.97.6/32"/> <!--sbc01-car.dal.us.icall.net-->
<node type="allow" cidr="208.85.184.0/24"/> <!--velocity.net-->
</list>
<node type="allow" cidr="173.203.215.241/32"/> <!--proxy2.switchfreedom.com-->
<node type="allow" cidr="72.249.14.242/32"/> <!--gw01-car.dal.us.icall.net-->
<node type="allow" cidr="8.19.97.6/32"/> <!--sbc01-car.dal.us.icall.net-->
<node type="allow" cidr="208.85.184.0/24"/> <!--velocity.net-->
<node type="allow" cidr="184.106.172.9/32"/> <!--sipproxy001-prod-ord.2600hz.com-->
</list>
<list name="authoritative" default="deny"> <list name="authoritative" default="deny">
<node type="allow" cidr="184.106.172.9/32"/> <!--sipproxy001-prod-ord-->
<node type="allow" cidr="204.232.212.190/32"/> <!--sipproxy002-prod-dfw-->
<node type="allow" cidr="184.106.157.174/32"/> <!--sipproxy001-aa-ord-->
<node type="allow" cidr="209.114.35.233/32"/> <!--sipproxy001-aa-dfw-->
<node type="allow" cidr="184.106.157.174/32"/> <!--sipproxy001-aa-ord.2600hz.com-->
<node type="allow" cidr="209.114.35.233/32"/> <!--sipproxy001-aa-dfw.2600hz.com-->
<node type="allow" cidr="184.106.170.176/32"/> <!--sipproxy001-dev-ord.2600hz.com-->
</list> </list>
</network-lists> </network-lists>
</configuration>
</configuration>
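Review bot: The rewritten `authoritative` list now admits the dev proxy 184.106.170.176 (sipproxy001-dev-ord) next to the two aa proxies, while the prod proxies 184.106.172.9 and 204.232.212.190 no longer match it — the first is moved to `trusted`, the second disappears from the file altogether. If anything in the dialplan keys elevated handling on `authoritative` (the list name suggests it does), a development host now receives that trust and sipproxy002-prod-dfw loses it; I cannot tell from the diff whether either shift is deliberate, so both deserve an explicit confirmation. Consider keeping development hosts in their own list so the production ACL can be reviewed on its own, and at minimum mark the node: `<node type="allow" cidr="184.106.170.176/32"/> <!--sipproxy001-dev-ord.2600hz.com: DEV host, remove before this list gates production traffic-->`.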

+ 89
- 71
opensips/opensips.cfg View File

@ -105,11 +105,12 @@ disable_tcp=no
###################################################################### ######################################################################
## Module Loading ## Module Loading
###################################################################### ######################################################################
mpath="/usr/local/lib64/opensips/modules/"
mpath="/usr/lib64/opensips/modules/"
loadmodule "memcached.so" loadmodule "memcached.so"
loadmodule "signaling.so" loadmodule "signaling.so"
loadmodule "sl.so" loadmodule "sl.so"
loadmodule "tm.so" loadmodule "tm.so"
loadmodule "dialog.so"
loadmodule "maxfwd.so" loadmodule "maxfwd.so"
loadmodule "rr.so" loadmodule "rr.so"
loadmodule "path.so" loadmodule "path.so"
@ -117,6 +118,7 @@ loadmodule "uri.so"
loadmodule "textops.so" loadmodule "textops.so"
loadmodule "usrloc.so" loadmodule "usrloc.so"
loadmodule "nathelper.so" loadmodule "nathelper.so"
loadmodule "nat_traversal.so"
loadmodule "dispatcher.so" loadmodule "dispatcher.so"
loadmodule "mi_fifo.so" loadmodule "mi_fifo.so"
# loadmodule "mi_datagram.so" # loadmodule "mi_datagram.so"
@ -149,7 +151,7 @@ modparam("tm", "fr_timer", 5)
# modparam("tm", "fr_inv_timer_avp", "$avp(i:25)") # modparam("tm", "fr_inv_timer_avp", "$avp(i:25)")
# modparam("tm", "tw_append", # modparam("tm", "tw_append",
# "test: ua=$hdr(User-Agent) ;avp=$avp(i:10);$rb;time=$Ts") # "test: ua=$hdr(User-Agent) ;avp=$avp(i:10);$rb;time=$Ts")
# modparam("tm", "pass_provisional_replies", 0)
modparam("tm", "pass_provisional_replies", 1)
# modparam("tm", "syn_branch", 1) # modparam("tm", "syn_branch", 1)
# modparam("tm", "onreply_avp_mode", 0) # modparam("tm", "onreply_avp_mode", 0)
# modparam("tm", "disable_6xx_block", 0) # modparam("tm", "disable_6xx_block", 0)
@ -221,17 +223,25 @@ modparam("usrloc", "path_column", "path")
## Nathelper Module Parameters ## Nathelper Module Parameters
###################################################################### ######################################################################
# modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890") # modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
# modparam("nathelper", "natping_interval", 30)
# modparam("nathelper", "ping_nated_only", 1)
# modparam("nathelper", "natping_processes", 3) # modparam("nathelper", "natping_processes", 3)
modparam("nathelper", "sipping_bflag", 7)
modparam("nathelper", "sipping_from", "sip:sipcheck@184.106.172.9 ")
# modparam("nathelper", "sipping_bflag", 7)
# modparam("nathelper", "sipping_from", "sip:sipcheck@184.106.157.174")
# modparam("nathelper", "sipping_method", "INFO") # modparam("nathelper", "sipping_method", "INFO")
######################################################################
## NAT Traversal Module Parameters
######################################################################
modparam("nat_traversal", "keepalive_interval", 60)
modparam("nat_traversal", "keepalive_method", "OPTIONS")
modparam("nat_traversal", "keepalive_from", "sip:keepalive@ping.sip.2600hz.com")
modparam("nat_traversal", "keepalive_state_file", "/tmp/opensips_keepalive_state")
###################################################################### ######################################################################
## Dispatcher Module Parameters ## Dispatcher Module Parameters
###################################################################### ######################################################################
modparam("dispatcher", "list_file", "/usr/local/etc/opensips/dispatcher.list")
modparam("dispatcher", "list_file", "/etc/opensips/dispatcher.list")
modparam("dispatcher", "flags", 2) modparam("dispatcher", "flags", 2)
modparam("dispatcher", "use_default", 0) modparam("dispatcher", "use_default", 0)
modparam("dispatcher", "force_dst", 1) modparam("dispatcher", "force_dst", 1)
@ -242,7 +252,7 @@ modparam("dispatcher", "cnt_avp", "$avp(i:274)")
modparam("dispatcher", "hash_pvar", "$avp(i:273)") modparam("dispatcher", "hash_pvar", "$avp(i:273)")
# modparam("dispatcher", "setid_pvar", "$var(setid)") # modparam("dispatcher", "setid_pvar", "$var(setid)")
modparam("dispatcher", "ds_ping_method", "OPTIONS") modparam("dispatcher", "ds_ping_method", "OPTIONS")
modparam("dispatcher", "ds_ping_from", "sip:sipcheck@184.106.172.9:5060")
modparam("dispatcher", "ds_ping_from", "sip:sipcheck@184.106.157.174:5060")
modparam("dispatcher", "ds_ping_interval", 10) modparam("dispatcher", "ds_ping_interval", 10)
# modparam("dispatcher", "ds_ping_sock", "udp:10.80.25.168:5080") # modparam("dispatcher", "ds_ping_sock", "udp:10.80.25.168:5080")
modparam("dispatcher", "ds_probing_threshhold", 3) modparam("dispatcher", "ds_probing_threshhold", 3)
@ -290,11 +300,18 @@ route
exit; exit;
} }
if (src_ip==myself)
{
xlog("L_WARN", "Src IP [$ou] from [$si:$sp]");
exit;
}
xlog("L_INFO", "Received [$rm] [$ou] from [$si:$sp]"); xlog("L_INFO", "Received [$rm] [$ou] from [$si:$sp]");
xlog("L_DBG", " From: [$fu]"); xlog("L_DBG", " From: [$fu]");
xlog("L_DBG", " To: [$tu]"); xlog("L_DBG", " To: [$tu]");
if (is_method("OPTIONS"))
if (is_method("OPTIONS|SUBSCRIBE"))
{ {
xlog("L_NOTICE", " Method [$rm] is not supported, sending 503 to [$si:$sp]"); xlog("L_NOTICE", " Method [$rm] is not supported, sending 503 to [$si:$sp]");
@ -305,39 +322,16 @@ route
t_on_reply("1"); t_on_reply("1");
if (nat_uac_test("18"))
{
xlog("L_INFO", " Source port is different from the port in Via, force rport");
force_rport();
fix_nated_contact();
if (has_body("application/sdp"))
{
xlog("L_INFO", " Fixing nated SDP, rewritting media and origin with [$si]");
fix_nated_sdp("10");
}
# If this leads to a sucessfull register then flag 5 will cause nat=yes to be append to the contact
# and (when appropriate) the use of the nat_compensator reply branch
setflag(5);
}
t_on_failure("1");
if (has_totag()) if (has_totag())
{ {
if (subst_uri('/(sip:.*);nat=yes/\1/'))
{
xlog("L_INFO", " Set reply branch for NAT compensation on this message in the existing dialog");
t_on_reply("nat_compensator");
}
# sequential request withing a dialog should # sequential request withing a dialog should
# take the path determined by record-routing # take the path determined by record-routing
if (loose_route()) if (loose_route())
{ {
append_hf("P-hint: rr-enforced\r\n");
if (is_method("INVITE")) if (is_method("INVITE"))
{ {
# even if in most of the cases is useless, do RR for # even if in most of the cases is useless, do RR for
@ -348,6 +342,13 @@ route
#record_route(); #record_route();
} }
if ((ds_is_in_list("$si", "$sp", "1") || ds_is_in_list("$si", "$sp", "2")) && is_method("ACK"))
{
xlog("L_INFO", " Stored [$tU] as belonging to media server [$fd]");
cache_store("memcached_callid_hash", "$tU ", "$fd", 3600);
}
# route it out to whatever destination was set by loose_route() # route it out to whatever destination was set by loose_route()
# in $du (destination URI). # in $du (destination URI).
route(1); route(1);
@ -430,33 +431,38 @@ route
} }
# is not from media servers # is not from media servers
if (!ds_is_in_list("$si", "$sp", "1") and !ds_is_in_list("$si", "$sp", "2"))
{
if(cache_fetch("memcached_callid_hash", "$ci", $avp(i:55)))
if (!ds_is_in_list("$si", "$sp", "1") && !ds_is_in_list("$si", "$sp", "2"))
{
if ($ct.fields(uri) && cache_fetch("memcached_callid_hash", "$(ct.fields(uri){uri.user})", $avp(i:55)))
{
$rd = $avp(i:55);
xlog("L_INFO", " Reconized contact [$ct.fields(uri)] as belonging to media server [$rd]");
}
else if (cache_fetch("memcached_callid_hash", "$ci", $avp(i:55)))
{ {
$rd = $avp(i:55); $rd = $avp(i:55);
xlog("L_INFO", " Reconized call-id [$ci] as belonging to media server [$rd]"); xlog("L_INFO", " Reconized call-id [$ci] as belonging to media server [$rd]");
if ($ct.fields(uri) && is_method("INVITE"))
{
xlog("L_INFO", " Stored [$(ct.fields(uri){uri.user})] as belonging to media server [$rd]");
cache_store("memcached_callid_hash", "$(ct.fields(uri){uri.user})", "$rd", 3600);
}
} }
else else
{ {
xlog("L_INFO", " Selecting domain from set 1 using round-robin"); xlog("L_INFO", " Selecting domain from set 1 using round-robin");
ds_select_domain("1", "4"); ds_select_domain("1", "4");
t_on_failure("1");
} }
remove_hf("X-AUTH-IP");
append_hf("X-AUTH-IP: $si\r\n"); append_hf("X-AUTH-IP: $si\r\n");
if (isflagset(5))
{
xlog("L_INFO", " This contact is behind NAT, appending nat=yes to the Contact header");
# "nat=yes" is added to help with in-dialog re-INVITE, UPDATE, etc.
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
}
}
}
# record routing # record routing
if (!is_method("REGISTER|MESSAGE")) if (!is_method("REGISTER|MESSAGE"))
@ -473,6 +479,8 @@ route
route[1] route[1]
{ {
route("nat_test_and_correct");
if (!t_relay()) if (!t_relay())
{ {
xlog("L_ERR", " Unable to relay [$rm] [$ru] to [$du], sending 500"); xlog("L_ERR", " Unable to relay [$rm] [$ru] to [$du], sending 500");
@ -485,40 +493,41 @@ route[1]
exit; exit;
} }
onreply_route[1]
route[nat_test_and_correct]
{ {
if (t_check_status("(407)|(401)"))
if (client_nat_test("3"))
{ {
cache_store("memcached_callid_hash", "$ci ", "$si", 60);
xlog("L_INFO", " NAT (SIP): Private IP in contact field or via address differs from source");
xlog("L_INFO", " Stored call-id [$ci] as belonging to media server [$si]");
}
}
force_rport();
onreply_route[nat_compensator]
{
xlog("L_INFO ", " Compensating reply from NATed message [$rs] [$rr]");
if ((method=="REGISTER" || method=="SUBSCRIBE" || (method=="INVITE" && !has_totag())))
{
xlog("L_INFO", " NAT (SIP): Activating keep alive pings");
if (t_check_status("(407)|(401)"))
{
cache_store("memcached_callid_hash", "$ci ", "$si", 60);
nat_keepalive();
}
xlog("L_INFO", " Stored call-id [$ci] for NATed reply as belonging to media server [$si]");
fix_contact();
} }
if (has_body("application/sdp"))
if (has_body("application/sdp") && nat_uac_test("8"))
{ {
xlog("L_INFO", " Fixing nated reply SDP, rewritting media and origin with [$si]");
xlog("L_INFO", " NAT (SDP): Private IP in SDP");
fix_nated_sdp("10"); fix_nated_sdp("10");
} }
}
onreply_route[1]
{
route("nat_test_and_correct");
if (is_present_hf("Contact"))
if (t_check_status("(407)|(401)"))
{ {
xlog("L_INFO", " Fixing nated reply contact header");
cache_store("memcached_callid_hash", "$ci ", "$si", 60);
fix_nated_contact();
#search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
xlog("L_INFO", " Stored call-id [$ci] as belonging to media server [$si]");
} }
} }
@ -535,12 +544,20 @@ failure_route[1]
ds_mark_dst("p"); ds_mark_dst("p");
if (ds_next_domain())
# if (ds_next_domain())
if(ds_select_domain("1", "4"))
{ {
xlog("L_ERR", " Hunting for avaliable media server..."); xlog("L_ERR", " Hunting for avaliable media server...");
xlog("L_INFO", " Sent [$rm] [$ru] to [$rd]"); xlog("L_INFO", " Sent [$rm] [$ru] to [$rd]");
if ($ct.fields(uri) && is_method("INVITE"))
{
xlog("L_INFO", " Stored [$(ct.fields(uri){uri.user})] as belonging to media server [$rd]");
cache_store("memcached_callid_hash", "$(ct.fields(uri){uri.user})", "$rd", 3600);
}
t_relay(); t_relay();
exit; exit;
@ -555,3 +572,4 @@ failure_route[1]
exit; exit;
} }
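Review bot: In the NAT Traversal Module Parameters hunk, `keepalive_state_file` is pointed at `/tmp/opensips_keepalive_state`, a predictable name in a world-writable directory; a local user who pre-creates that name or drops a symlink there can have the proxy (frequently running as root) truncate or overwrite a file of their choosing, or hand it forged keep-alive state on the next start. Whether the module opens the file with O_EXCL/O_NOFOLLOW I cannot tell from this page, so treat the risk as plausible rather than confirmed. Prefer a directory owned by the OpenSIPS run user with no other writers, e.g. `modparam("nat_traversal", "keepalive_state_file", "/var/run/opensips/keepalive_state")`, and create that directory with mode 0700 in the service start-up script so the module never has to create a path it does not own.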
