[OpenSIPS-Users] Opensips1.7 with MediaProxy

LAVer avlytaev82 at gmail.com
Fri Feb 28 08:39:01 CET 2014


Here is an example CFG-file that works now:
The message "183" prefix and visible IP gateway. And that could be a threat
of fraud.
Here: if you use the function topology_hiding (); it does not happen a fair
exchange:
"BYE" comes to the message "404", "Not here" rather than "200 OK"
I use client_nat_test to cut off all requests for registration are NAT, but
it does not work!


port=5060
listen=udp:85.85.85.85:5060 #Opensips-server
route{
if (has_totag()) {
    if (loose_route()) {
    if (is_method("BYE")) {
    setflag(1);
    setflag(3);}
    else if (is_method("INVITE")) {
    #topology_hiding();
    record_route();    }
    route(1);}
    else {
    if ( is_method("ACK") ) {
    if ( t_check_trans() ) {
    t_relay();
    exit;}
    else {
    exit;
    }}
    sl_send_reply("404","Not here");
    }
    exit;
}

#initial requests
if (is_method("CANCEL")){
if (t_check_trans())
t_relay();
exit;}

t_check_trans();

# authenticate if from local subscriber (uncomment to enable auth)
# authenticate all initial non-REGISTER request that pretend to be
# generated by local subscriber (domain from FROM URI is local)

if (!(method=="REGISTER") && from_uri==myself) #/*no multidomain version*/
{if (!proxy_authorize("", "subscriber"))
{proxy_challenge("", "0");
exit;}
if (!db_check_from())
{sl_send_reply("403","Forbidden auth ID");
exit;}
consume_credentials();
}

# preloaded route checking
if (loose_route())
{xlog("L_ERR","Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
if (!is_method("ACK"))    sl_send_reply("403","Preload Route denied");
exit;
}

# record routing
if (!is_method("REGISTER|MESSAGE")) record_route();

# account only INVITEs    if (is_method("INVITE"))
{
# if (!src_ip=="85.85.85.11") #CISCO MGW IP
#{
#        topology_hiding();
#        }
setflag(1); # do accounting
}

if (!uri==myself)    ## replace with following line if multi-domain support
is used
{
route(1);}

# requests for my domain
if (is_method("PUBLISH")){
sl_send_reply("503", "Service Unavailable");
exit;}

if (is_method("REGISTER")){
#        if(client_nat_test("3"))
#        {
#            sl_send_reply("403", "Not working NAT");
#            exit;
#        }

# authenticate the REGISTER requests (uncomment to enable auth)
if (!www_authorize("", "subscriber"))    {
www_challenge("", "0");
exit;}
if (!db_check_to()) {
sl_send_reply("403","Forbidden auth ID");
exit;}
if (!save("location"))
sl_reply_error();
exit;
}

if ($rU==NULL) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}

# do lookup with method filtering
if ((src_ip=="85.85.85.11") && (!lookup("location")))
{
switch ($retcode) {
case -1:
case -3:
t_newtran();
t_reply("404", "Not Found");
exit;
case -2:
sl_send_reply("405", "Method Not Allowed");
exit;
}}

# when routing via usrloc, log the missed calls also
setflag(2);

if (src_ip=="85.85.85.11") {
route(1);}
route(3);
}

route[1] {
# for INVITEs enable some additional helper routes
if (is_method("INVITE")) {
t_on_branch("2");
t_on_reply("2");
t_on_failure("1");}
if (!t_relay()) {
sl_reply_error();};
exit;}
####################################################
route[3] {
prefix("9999");
rewritehostport("85.85.85.11:5060");
if (!t_relay()) {
sl_reply_error();
};exit;
}
####################################################
branch_route[2] { xlog("new branch at $ru\n");}
onreply_route[2] { xlog("incoming reply\n"); }

failure_route[1] {
if (t_was_cancelled()) {exit;}}



--
View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Opensips1-7-with-MediaProxy-tp7589762p7589832.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.



More information about the Users mailing list