#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#

# -----------------global configuration parameters --------------------------------------

debug=3  #debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no  # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/

check_via=yes  #(cmd line: -v)
dns=no         #(cmd line: -r)
rev_dns=no     #(cmd line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"

sip_warning=yes
server_signature=yes
reply_to_via=no
listen=x.x.x.243
listen=127.0.0.1

alias=mydomain.com
alias=sip.mydomain.com
alias=x.x.x.243
alias=127.0.0.1

# ----------------module loading ----------------------------------------------------------

# MySQL Support
loadmodule "/usr/local/lib/ser/modules/mysql.so"
# unknown
loadmodule "/usr/local/lib/ser/modules/sl.so"
# T-relay?
loadmodule "/usr/local/lib/ser/modules/tm.so"
# Record-routing and Loose-routing module
loadmodule "/usr/local/lib/ser/modules/rr.so"
# Count max forwards
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
# use of MySQL database for user location state saving
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# Comment these lines to disable digest authentication
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# Accounting support - requires mysql
loadmodule "/usr/local/lib/ser/modules/acc.so"
# Execute outside programs
loadmodule "/usr/local/lib/ser/modules/exec.so"
# Allow use of group membership
loadmodule "/usr/local/lib/ser/modules/group.so"
#loadmodule "/usr/local/lib/ser/modules/print.so"
# URI and Text operations support - allows lines like 'if uri=~"[679][0-9]+@"'
# and 'if (search(from:|F:))' in routing code
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# NAT Transversal support - required for NAT support, but forces all traffic
# to proxy through our server, which greatly limits scalability
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# Native Voicemail support
loadmodule "/usr/local/lib/ser/modules/vm.so"

#-----------------module-specific parameters ----------------------------------------------
#-----userloc parameters-----------------------
#Set this at 0 to disable SQL database support for persistant storage
#Set at 2 to use MySQL
modparam("usrloc", "db_mode", 2)

#-----auth params------------------------------
#required for auth module
modparam("auth", "secret", "43789bfdbc34890")
modparam("auth_db", "calculate_ha1", 1)
# If you set "calculate_ha1" parameter to 1 (true), you need the following line:
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_url", "mysql://ser:nscser@localhost/ser")

#-----rr params -------------------------------
# add value to lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
#-----tm params
# fr_timer is the timeout for transactions
modparam("tm", "fr_timer", 18)
# fr_inv_timer is the timeout for opening calls (INVITE)
modparam("tm", "fr_inv_timer", 24)

#-----accounting paramters--------------------
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
modparam("acc", "db_url", "mysql://ser:nscser@localhost/ser")
modparam("acc", "report_ack", 1)
modparam("acc", "failed_transactions", 1)
modparam("acc", "db_flag", 1)
modparam("acc", "report_cancels", 1)
modparam("acc", "db_missed_flag", 1)
modparam("acc", "log_fmt", "fisum")

#-----nathelper and mediaproxy paramters-------
modparam("nathelper", "natping_interval", 10)


#-----voicemail paramters----------------------
modparam("voicemail", "db_url", "sql://ser:nscser@localhost/ser")
modparam("voicemail", "email_column", "email")
modparam("voicemail", "subscriber_table", "subscriber")
modparam("voicemail", "user_column", "user")
modparam("voicemail", "domain_column", "domain")

#-----------------END Module Parameters -----------------------------------------------
#-----------------routing logic begins here -------------------------------------------
#-----main routing logic

route{

	setflag(1);

	# initial sanity checks - messages with
	# max forwards==0 or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483", "Too Many Hops");
		log(1, "LOG:483 - Too Many Hops, dropping connection\n");
		break;
	};
	if (msg:len > max_len) {
		sl_send_reply("513", "Message Too Big");
		log(1, "LOG:513-Message too Big, dropping connection\n");
		break;
	};

	# Special Handling for NATed clients:
	# First, NAT test is executed - it looks
	# for via!=recieved and RFC1918 addresses
	# in contact (may fail if line-folding is used);
	# also the recieved test should, if completed,
	# check all vias for precense of recieved.
	if (nat_uac_test("3")) {
		# Allow RR-ed requests, as these may
		# indicate that a NAT-enabled proxy
		# already handles it, unless REGISTER
		# also, allow VPN users from 172.16.8.0/24
		if (method == "REGISTER" || !search("^Record-Route:") || !uri=~"172\.16\.8\.[0-9]+@") {
			log(1, "LOG:Someone trying to register from private IP, rewriting\n");
			# THis only works for UAs that support
			# symmetric communication - works on most
			fix_nated_contact();
			if (method == "INVITE") {
				fix_nated_sdp("1");  # Add direction=active to SDP
			};
			force_rport();               # Add rport parameter to topmost Via
			setflag(6);                  # Mark as NATed
		};
	};

	# We Record-Route all messages - to make sure
	# that subsequent messages will go through
	# our proxy - neccessary for accounting, and if
	# downstream entities use different transport
	# protocol
	record_route();

	# If the request is for other domain, use UsrLoc
	# (in case it doesn't work, use the following
	# command with proper names and addresses)
	# This requires use of "alias=" in global parameters
	lookup("aliases");
	if (uri==myself) {
		if (method == "REGISTER") {
			# Force digest authentication, but not for the PBX Gateway
			if (!www_authorize("mydomain.com", "subscriber") && !(src_ip==x.x.x.155)) {
				www_challenge("mydomain.com", "0");
				break;
			};
			if (!is_user("replicator") && !check_to()) {
				log(1, "LOG: unregistered user registration attempt\n");
				sl_send_reply("403", "Only registered users allowed");
				break;
			};
			if (!save("location")) {
				sl_reply_error();
				log(1, "LOG: error saving location\n");
			};
			break;
		};

		# Native SIP destinations are handled using userloc DB
		if (!lookup("location")) {
			if (does_uri_exist()) {
				# Can't find the user's location, but know they
				# are a subscriber?  Check if they are a voicemail
				# user and send them there, otherwise, tell UA
				# that callee is offline.
				if (is_user_in("To", "voicemail")) {
					vm("/tmp/vm_fifo", "vlicemail");
					log(1, "LOG: Caller sent to Voicemail\n");
					break;
				};
				sl_send_reply("404", "User Offline");
				log(1, "LOG: User offline\n");
				break;
			};
			if (uri=~"^sip:[679][0-9]+@") {
				# /6([0-9]+)/ goes to voicemail for $1
				# /7([0-9]+)/ goes to extension $1
				# /9([0-9]+)/ goes to outside number $1 (dials the 9 for you)
				# so we just check that they are a valid PBX user
				# so nobody outside uses us as a free PBX
				if (is_user_in("From", "freepstn")) {
					rewritehostport("voip-pbx.mydomain.com:5060");
					forward(uri:host, uri:port);
					log(1, "LOG: User dialing PBX Gateway\n");
					break;
				};
				sl_send_reply("403", "Only registered users allowed");
				break;
			};
			sl_send_reply("404", "Location not found");
			log(1, "LOG: Dial placed to unknown location\n");
			break;
		};
		route(1);
		break;
	};
}

route[1]
{
	lookup("aliases");
	if (uri=~"[@:](192\.168\.|10\.|172\.(1[7-9]|2[0-9]|3[0-2])\.)" && !search("^Route:")) {
		sl_send_reply("479", "We don't forward to private IP addresses");
		log(1, "LOG: Forward attempted to private IP address\n");
		break;
	};

	# If client or server known to be behind NAT, enable relay
	if (isflagset(6)) {
		force_rtp_proxy();
		log(1, "LOG: forcing RTP Proxy\n");
	};

	# NAT processing of replies: apply to all transactions
	# (for example re-INVITEs from public to private
	# UA are hard to identify as NATed at the moment of
	# request processing); look at replies
	t_on_reply("1");

	# loose-route processing
	if (loose_route()) {
		t_relay();
		break;
	};

	# forward to current uri now: use stateful forwarding:
	# use stateful forwarding - it works reliably even if
	# we forward from TCP to UDP
	if (!t_relay()) {
		sl_reply_error();
	};
}

onreply_route[1]
{
	# NATed transaction?
	if (isflagset(6) && status=~"(183)|2[0-9][0-9]") {
		fix_nated_contact();
		force_rtp_proxy();
		log(1, "LOG: Fixed NATed contact, forced RTP PRoxy on reply\n");
		# otherwise, it is a transaction behind a NAT and we
		# did not know at time of request processing? (RFC1918 contacts)
	} else if (nat_uac_test("1")) {
		fix_nated_contact();
	};
}