diff --git a/kamailio/websockets-role.cfg b/kamailio/websockets-role.cfg index 2a0ad5c..e24f6b3 100644 --- a/kamailio/websockets-role.cfg +++ b/kamailio/websockets-role.cfg @@ -1,12 +1,15 @@ ######## Websocket module ######## tcp_accept_no_cl=yes +######## Generic Hash Table container in shared memory ######## +modparam("htable", "htable", "websockets=>size=16;autoexpire=7200") + ######## Basic HTTP request handling ######## loadmodule "xhttp.so" ######## Websocket module ######## loadmodule "websocket.so" -modparam("websocket", "keepalive_mechanism", 1) +modparam("websocket", "keepalive_mechanism", 0) modparam("websocket", "keepalive_timeout", 30) modparam("websocket", "keepalive_processes", 1) modparam("websocket", "keepalive_interval", 1) @@ -48,30 +51,74 @@ route[NAT_WEBSOCKETS_CORRECT] event_route[xhttp:request] { - xlog("L_INFO", "HTTP Request Received\n"); set_reply_close(); set_reply_no_connect(); - if ($hdr(Upgrade) =~ "websocket" && $hdr(Connection) =~ "Upgrade" && $rm =~ "GET") { - xlog("L_INFO", "websocket request from $si:$sp received\n"); + if (!($rm =~ "GET")) { + xlog("L_INFO", "websocket|log|rejecting HTTP request $rm from $si:$sp\n"); + xhttp_reply("405", "Method Not Allowed", "", ""); + exit; + } - # Validate Host - make sure the client is using the correct - # alias for WebSockets - if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) { - xlog("L_WARN", "websocket request had bad host $hdr(Host)\n"); - xhttp_reply("403", "Forbidden", "", ""); - exit; - } + if (!($hdr(Connection) =~ "Upgrade")) { + xlog("L_INFO", "websocket|log|rejecting HTTP connection $hdr(Connection) request from $si:$sp\n"); + xhttp_reply("400", "Bad Request", "", ""); + exit; + } - # ws_handle_handshake() exits (no further configuration file - # processing of the request) when complete. - if (ws_handle_handshake()) { - exit; - } + if (!($hdr(Upgrade) =~ "websocket")) { + xlog("L_INFO", "websocket|log|rejecting HTTP upgrade $hdr(Upgrade) request from $si:$sp\n"); + xhttp_reply("400", "Bad Request", "", ""); + exit; + } + + if (!($hdr(Sec-WebSocket-Protocol) =~ "sip")) { + xlog("L_INFO", "websocket|log|rejecting request for websocket protocol $hdr(Sec-WebSocket-Protocol) from $si:$sp\n"); + xhttp_reply("400", "Bad Request", "", ""); + exit; + } + +# if (!($hdr(Origin) =~ "www.2600hz.com")) { +# xlog("L_INFO", "websocket|log|rejecting HTTP request with unknown origin $hdr(Origin) from $si:$sp\n"); +# xhttp_reply("400", "Bad Request", "", ""); +# exit; +# } + + if($sht(websockets=>$si::count) == $null) { + $var(count) = 1; + } else { + $var(count) = $sht(websockets=>$si::count) + 1; } + + if($var(count) > 50) { + xlog("L_WARN", "websocket|log|$si:$sp is at the maximum allowable sockets per IP, rejecting request for another websocket\n"); + xhttp_reply("403", "Forbidden", "", ""); + exit; + } + + if (ws_handle_handshake()) { + $sht(websockets=>$si::count) = $var(count); + xlog("L_INFO", "websocket|log|opened websocket $var(count) of 50 for $si:$sp\n"); + exit; + } + + xlog("L_INFO", "websocket|log|unhandled HTTP request $rm from $si:$sp\n"); xhttp_reply("404", "Not Found", "", ""); } event_route[websocket:closed] { - xlog("L_INFO", "websocket connection from $si:$sp has closed\n"); + if($sht(websockets=>$si::count) == $null) { + xlog("L_INFO", "websocket|log|closed websocket from $si:$sp\n"); + exit(); + } + + $var(count) = $sht(websockets=>$si::count) - 1; + + if ($var(count) < 1) { + xlog("L_INFO", "websocket|log|$si:$sp closed last websocket to that IP\n"); + $sht(websockets=>$si::count) = $null; + } else { + $sht(websockets=>$si::count) = $var(count); + xlog("L_INFO", "websocket|log|closed websocket from $si:$sp, $var(count) remaining from that IP\n"); + } }