#
# $Id$
#
# iptel.org real world configuration
#
# Purpose: sip_router configuration for a registrar. It loads the
# stateless-reply, accounting, record-route, max-forwards, MySQL, user
# location, digest-auth and CPL modules, and its route block handles
# REGISTER requests: authenticate, then store the contact.
#

# ----------- global configuration parameters ------------------------

# NOTE(review): debug=4, fork=no, log_stderror=yes and children=1 together
# read as a foreground debugging setup. Verbose logs on a registrar may
# include authentication headers -- confirm the log level and log
# destination before running this against real subscribers.
debug=4          # debug level (cmd line: -dddddddddd)
fork=no
#log_stderror=no    # (cmd line: -E)
log_stderror=yes    # (cmd line: -E)
#check_via=yes     # (cmd. line: -v)
#check_via=0
dns=on           # (cmd. line: -r)
rev_dns=yes      # (cmd. line: -R)
port=5069
#port=8060
children=1

# advertise IP address in Via (as opposed to advertising DNS name
# which is annoying for downstream servers and some phones can
# not handle DNS at all)
listen=195.37.77.100
#listen=bat.iptel.org

# ------------------ module loading ----------------------------------

# NOTE(review): the module paths are relative, so which shared objects get
# loaded presumably depends on the directory the server is started from.
# Absolute paths into a directory writable only by the administrator avoid
# loading an unintended .so -- confirm how relative paths are resolved.
loadmodule "../sip_router/modules/sl/sl.so"
loadmodule "../sip_router/modules/print/print.so"
#loadmodule "../sip_router/modules/tm/tm.so"
loadmodule "../sip_router/modules/acc/acc.so"
loadmodule "../sip_router/modules/rr/rr.so"
loadmodule "../sip_router/modules/maxfwd/maxfwd.so"
loadmodule "../sip_router/modules/mysql/mysql.so"
loadmodule "../sip_router/modules/usrloc/usrloc.so"
loadmodule "../sip_router/modules/auth/auth.so"
loadmodule "../sip_router/modules/cpl/cpl.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

# contacts are kept in the "location" table; the column parameters below
# name the columns of that table
modparam("usrloc", "use_database",   1)
modparam("usrloc", "table",          "location")
modparam("usrloc", "user_column",    "user")
modparam("usrloc", "contact_column", "contact")
modparam("usrloc", "expires_column", "expires")
modparam("usrloc", "q_column",       "q")
modparam("usrloc", "callid_column",  "callid")
modparam("usrloc", "cseq_column",    "cseq")
modparam("usrloc", "flush_interval", 60)
# NOTE(review): this URL names the database user "root" and leaves the
# password field empty. A dedicated account with a password and rights
# limited to the "ser" database is the safer setup; the same URL is
# repeated for the auth module below.
modparam("usrloc", "db_url",         "sql://root:@localhost/ser")

# -- auth params --

# NOTE(review): same root / empty-password database URL as usrloc above.
modparam("auth", "db_url", "sql://root:@localhost/ser")
modparam("auth", "user_column", "user")

# nonce generation secret; particularly useful if multiple servers
# in a proxy farm are configured to authenticate
# NOTE(review): the secret is stored here in clear text, so anyone who can
# read this file (or any published copy of it) knows the value that feeds
# nonce generation. Generate a fresh random value per deployment, never
# reuse a value that has appeared in a shared config, and restrict read
# access to the file.
modparam("auth", "secret", "439tg8h349g8hq349t9384hg")

# calculate_ha1=false means password column includes ha1 strings;
# if it were true, plain-text passwords would be assumed

# the database credentials in hashed form
# NOTE(review): an HA1 value is enough to compute valid digest responses
# for its user and realm, so the subscriber table needs the same
# protection as a plain-text password store.
modparam("auth", "calculate_ha1", false)
modparam("auth", "password_column", "ha1")

# password_column, realm_column, group_table, group_user_column,
# group_group_column are set to their default values

# password_column_2 allows dealing with clients who put the domain name
# in authentication credentials when calculate_ha1=false (if true,
# it works); if set to a value and USER_DOMAIN_HACK was enabled
# in defs.h, authentication will still work
modparam("auth", "password_column_2", "ha1b")

# the database in plain-text alternative:
#modparam("auth", "calculate_ha1", true )
#modparam("auth", "password_column", "password")

# presumably the nonce lifetime in seconds and the number of retries
# allowed per client -- verify the units against the auth module docs
modparam("auth", "nonce_expire", 300)
modparam("auth", "retry_count", 3)

# -- acc params --

# report ACKs too for sake of completeness -- as we account PSTN
# destinations which are RR, ACKs should show up
modparam("acc", "report_ack", 1)
# don't bother me with early media reports (I don't like 183
# too much anyway...ever thought of timer C hitting after
# listening to music-on-hold for five minutes?)
modparam("acc", "early_media", 0)
modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one :-)
# NOTE(review): nothing in the route block below sets this flag, so no
# request handled by this file is marked for accounting.
modparam("acc", "acc_flag", 1 )
# we are interested only in successful transactions
modparam("acc", "failed_transactions", 0 )

# -- tm params --

# NOTE(review): the tm loadmodule line above is commented out while tm
# parameters are still set here and acc is loaded. Confirm the server
# accepts parameters for a module that is not loaded, and that acc works
# without tm.
modparam("tm", "fr_timer", 30 )
modparam("tm", "fr_inv_timer", 60 )

# ------------------------- request routing logic -------------------

# main routing logic
#
# Order of checks: drop locally generated ACKs, enforce Max-Forwards,
# then for REGISTER: digest-authenticate, check the user, save the contact.
# NOTE(review): no action for methods other than REGISTER is visible in
# this block; such requests reach the end of route{} without a reply or
# forward here.

route{

    # filter local stateless ACK generated by authentication of mf replies
    sl_filter_ACK();

    # filter too old messages
    log("LOG: Checking maxfwd\n");
    if (!mf_process_maxfwd_header("10")) {
        log("LOG: Too many hops\n");
        sl_send_reply("483","Too Many Hops");
        break;
    };

    if (method=="REGISTER") {
        log("LOG Request is REGISTER\n");
        # credentials are checked against the "subscriber" table for the
        # realm "bat.iptel.org"; a failed check is answered with a challenge
        if (!www_authorize( "bat.iptel.org" /* realm */,
                            "subscriber" /* table name */ )) {
            log("LOG: REGISTER has no credentials, sending challenge\n");
            # NOTE(review): challenging without qop means clients send no
            # cnonce / nonce-count, so protection against replayed
            # responses rests on the nonce lifetime (nonce_expire above).
            # Enable qop where the client population allows it.
            www_challenge( "bat.iptel.org" /* realm */,
                           "0" /* no qop -- M$ can't deal with it */);
            break;
        };

        # prohibit attempts to grab someone else's To address
        # using valid credentials
        # NOTE(review): is_user() is called with a fixed name, so as written
        # this appears to accept REGISTER only from the authenticated user
        # "replicator" rather than comparing the credentials with the To
        # header as the comment above describes. Confirm the intent; if
        # every subscriber should be able to register their own address,
        # a To-vs-credentials check (check_to() in SER versions that
        # provide it -- verify) is what the comment calls for.
        if (!is_user("replicator")) {
            log("LOG: To Cheating attempt\n");
            sl_send_reply("403", "That is ugly -- use To=id next time");
            break;
        };

        # update Contact database
        log("LOG: REGISTER is authorized, saving location\n");
        save_contact("location");
        break;
    };
}