opensips(二):NAT官方脚本
一、官方脚本修改
# # OpenSIPS residential configuration script # by OpenSIPS Solutions <team@opensips-solutions.com> # # This script was generated via "make menuconfig", from # the "Residential" scenario. # You can enable / disable more features / functionalities by # re-generating the scenario with different options.# # # Please refer to the Core CookBook at: # https://opensips.org/Resources/DocsCookbooks # for a explanation of possible statements, functions and parameters. # ####### Global Parameters ######### log_level=3 log_stderror=no log_facility=LOG_LOCAL0 children=4 /* uncomment the following lines to enable debugging */ #debug_mode=yes /* uncomment the next line to enable the auto temporary blacklisting of not available destinations (default disabled) */ #disable_dns_blacklist=no /* uncomment the next line to enable IPv6 lookup after IPv4 dns lookup failures (default disabled) */ #dns_try_ipv6=yes /* comment the next line to enable the auto discovery of local aliases based on reverse DNS on IPs */ auto_aliases=no listen=udp:192.168.1.100:5060 # CUSTOMIZE ME listen=tcp:192.168.1.100:5060 # CUSTOMIZE ME ####### Modules Section ######## #set module path mpath="/usr/local/lib/opensips/modules/" #### SIGNALING module loadmodule "signaling.so" #### StateLess module loadmodule "sl.so" #### Transaction Module loadmodule "tm.so" modparam("tm", "fr_timeout", 5) modparam("tm", "fr_inv_timeout", 30) modparam("tm", "restart_fr_on_each_reply", 0) modparam("tm", "onreply_avp_mode", 1) #### Record Route Module loadmodule "rr.so" /* do not append from tag to the RR (no need for this script) */ modparam("rr", "append_fromtag", 0) #### MAX ForWarD module loadmodule "maxfwd.so" #### SIP MSG OPerationS module loadmodule "sipmsgops.so" #### FIFO Management Interface loadmodule "mi_fifo.so" modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") modparam("mi_fifo", "fifo_mode", 0666) #### URI module loadmodule "uri.so" modparam("uri", "use_uri_table", 0) #### MYSQL module loadmodule "db_mysql.so" #### USeR LOCation module loadmodule "usrloc.so" modparam("usrloc", "nat_bflag", "NAT") modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME #### REGISTRAR module loadmodule "registrar.so" modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT") modparam("registrar", "received_avp", "$avp(received_nh)")/* uncomment the next line not to allow more than 10 contacts per AOR */ #modparam("registrar", "max_contacts", 10) #### ACCounting module loadmodule "acc.so" /* what special events should be accounted ? */ modparam("acc", "early_media", 0) modparam("acc", "report_cancels", 0) /* by default we do not adjust the direct of the sequential requests. if you enable this parameter, be sure the enable "append_fromtag" in "rr" module */ modparam("acc", "detect_direction", 0) modparam("acc", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME #### AUTHentication modules loadmodule "auth.so" loadmodule "auth_db.so" modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("auth_db|uri", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME modparam("auth_db", "load_credentials", "") #### ALIAS module loadmodule "alias_db.so" modparam("alias_db", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME #### DIALOG module loadmodule "dialog.so" modparam("dialog", "dlg_match_mode", 1) modparam("dialog", "default_timeout", 21600) # 6 hours timeout modparam("dialog", "db_mode", 2) modparam("dialog", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME #### NAT modules loadmodule "nathelper.so" modparam("nathelper", "natping_interval", 10) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "sipping_bflag", "SIP_PING_FLAG") modparam("nathelper", "sipping_from", "sip:pinger@127.0.0.1") #CUSTOMIZE ME modparam("nathelper", "received_avp", "$avp(received_nh)") loadmodule "rtpproxy.so" modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:1111") # CUSTOMIZE ME loadmodule "proto_udp.so" loadmodule "proto_tcp.so" ####### Routing Logic ######## loadmodule “mediaproxy.so” modparam(“mediaproxy”, “disable”, 0) modparam(“mediaproxy”, “mediaproxy_socket”, “/var/run/mediaproxy/dispatcher.sock”) modparam(“mediaproxy”, “mediaproxy_timeout”, 1000) modparam(“mediaproxy”, “signaling_ip_avp”, “$avp(nat_ip)”) modparam(“mediaproxy”, “media_relay_avp”, “$avp(media_relay)”) modparam(“mediaproxy”, “ice_candidate”, “low-priority”) # main request routing logic route{ # initial NAT handling; detect if the request comes from behind a NAT # and apply contact fixing force_rport(); if (nat_uac_test("23")) { if (is_method("REGISTER")) { fix_nated_register(); setbflag(NAT); } else { fix_nated_contact(); setflag(NAT); } } if (!mf_process_maxfwd_header("10")) { send_reply("483","Too Many Hops"); exit; } if (has_totag()) { # handle hop-by-hop ACK (no routing required) if ( is_method("ACK") && t_check_trans() ) { t_relay(); exit; } # sequential request within a dialog should # take the path determined by record-routing if ( !loose_route() ) { # we do record-routing for all our traffic, so we should not # receive any sequential requests without Route hdr. send_reply("404","Not here"); exit; } # validate the sequential request against dialog if ( $DLG_status != NULL && !validate_dialog() ) { xlog("In-Dialog $rm from $si (callid=$ci) is not valid according to dialog\n"); ## exit; } if (is_method("BYE")) { # do accounting even if the transaction fails do_accounting("db","failed"); } if (check_route_param("nat=yes")) setflag(NAT); # route it out to whatever destination was set by loose_route() # in $du (destination URI). route(relay); exit; } # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) t_relay(); exit; } # absorb retransmissions, but do not create transaction t_check_trans(); if ( !(is_method("REGISTER") ) ) { if (is_myself("$fd")) { # authenticate if from local subscriber # authenticate all initial non-REGISTER request that pretend to be # generated by local subscriber (domain from FROM URI is local) if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); exit; } if (!db_check_from()) { send_reply("403","Forbidden auth ID"); exit; } consume_credentials(); # caller authenticated } else { # if caller is not local, then called number must be local if (!is_myself("$rd")) { send_reply("403","Relay Forbidden"); exit; } } } # preloaded route checking if (loose_route()) { xlog("L_ERR", "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]"); if (!is_method("ACK")) send_reply("403","Preload Route denied"); exit; } # record routing if (!is_method("REGISTER|MESSAGE")) record_route(); # account only INVITEs if (is_method("INVITE")) { # create dialog with timeout if ( !create_dialog("B") ) { send_reply("500","Internal Server Error"); exit; } do_accounting("db"); } if (!is_myself("$rd")) { append_hf("P-hint: outbound\r\n"); route(relay); } # requests for my domain if (is_method("PUBLISH|SUBSCRIBE")) { send_reply("503", "Service Unavailable"); exit; } if (is_method("REGISTER")) { # authenticate the REGISTER requests if (!www_authorize("", "subscriber")) { www_challenge("", "0"); exit; } if (!db_check_to()) { send_reply("403","Forbidden auth ID"); exit; } if ($proto == "tcp") setflag(TCP_PERSISTENT); if (isflagset(NAT)) { setbflag(SIP_PING_FLAG); } if (!save("location")) sl_reply_error(); exit; } if ($rU==NULL) { # request with no Username in RURI send_reply("484","Address Incomplete"); exit; } # apply DB based aliases alias_db_lookup("dbaliases"); # do lookup with method filtering if (!lookup("location","m")) { if (!db_does_uri_exist()) { send_reply("420","Bad Extension"); exit; } t_reply("404", "Not Found"); exit; } if (isbflagset(NAT)) setflag(NAT); # when routing via usrloc, log the missed calls also do_accounting("db","missed"); route(relay); } route[relay] { # for INVITEs enable some additional helper routes if (is_method("INVITE")) { if (isflagset(NAT)) { rtpproxy_offer("ro"); } t_on_branch("per_branch_ops"); t_on_reply("handle_nat"); t_on_failure("missed_call"); } if (isflagset(NAT)) { add_rr_param(";nat=yes"); } if (!t_relay()) { send_reply("500","Internal Error"); } exit; } branch_route[per_branch_ops] { xlog("new branch at $ru\n"); } onreply_route[handle_nat] { if (nat_uac_test("1")) fix_nated_contact(); if ( isflagset(NAT) ) rtpproxy_answer("ro"); xlog("incoming reply\n"); } failure_route[missed_call] { if (t_was_cancelled()) { exit; } # uncomment the following lines if you want to block client # redirect based on 3xx replies. ##if (t_check_status("3[0-9][0-9]")) { ##t_reply("404","Not found"); ## exit; ##} } local_route { if (is_method("BYE") && $DLG_dir=="UPSTREAM") { acc_db_request("200 Dialog Timeout", "acc"); } }