Example of opensips.cfg for ALG detection

opensips/opensips.cfg

@@ -0,0 +1,314 @@
+#
+# OpenSIPS residential configuration script
+#     by OpenSIPS Solutions <team@opensips-solutions.com>
+#
+# This script was generated via "make menuconfig", from
+#   the "Residential" scenario.
+# You can enable / disable more features / functionalities by
+#   re-generating the scenario with different options.#
+#
+# Please refer to the Core CookBook at:
+#      http://www.opensips.org/Resources/DocsCookbooks
+# for a explanation of possible statements, functions and parameters.
+#
+
+
+####### Global Parameters #########
+
+log_level=3
+log_stderror=no
+log_facility=LOG_LOCAL0
+
+children=4
+
+/* uncomment the following lines to enable debugging */
+#debug_mode=yes
+
+/* uncomment the next line to enable the auto temporary blacklisting of 
+   not available destinations (default disabled) */
+#disable_dns_blacklist=no
+
+/* uncomment the next line to enable IPv6 lookup after IPv4 dns 
+   lookup failures (default disabled) */
+#dns_try_ipv6=yes
+
+/* comment the next line to enable the auto discovery of local aliases
+   based on reverse DNS on IPs */
+auto_aliases=no
+
+
+listen=udp:eth0:5060   # CUSTOMIZE ME
+
+
+
+####### Modules Section ########
+
+#set module path
+mpath="/usr/lib/x86_64-linux-gnu/opensips/modules/"
+
+#### SIGNALING module
+loadmodule "signaling.so"
+
+#### StateLess module
+loadmodule "sl.so"
+
+#### Transaction Module
+loadmodule "tm.so"
+modparam("tm", "fr_timeout", 5)
+modparam("tm", "fr_inv_timeout", 30)
+modparam("tm", "restart_fr_on_each_reply", 0)
+modparam("tm", "onreply_avp_mode", 1)
+
+#### Record Route Module
+loadmodule "rr.so"
+/* do not append from tag to the RR (no need for this script) */
+modparam("rr", "append_fromtag", 0)
+
+#### MAX ForWarD module
+loadmodule "maxfwd.so"
+
+#### SIP MSG OPerationS module
+loadmodule "sipmsgops.so"
+
+#### FIFO Management Interface
+loadmodule "mi_fifo.so"
+modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
+modparam("mi_fifo", "fifo_mode", 0666)
+
+#### URI module
+loadmodule "uri.so"
+modparam("uri", "use_uri_table", 0)
+
+#### USeR LOCation module
+loadmodule "usrloc.so"
+modparam("usrloc", "nat_bflag", "NAT")
+modparam("usrloc", "working_mode_preset", "single-instance-no-db")
+
+#### REGISTRAR module
+loadmodule "registrar.so"
+modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
+/* uncomment the next line not to allow more than 10 contacts per AOR */
+#modparam("registrar", "max_contacts", 10)
+
+#### ACCounting module
+loadmodule "acc.so"
+/* what special events should be accounted ? */
+modparam("acc", "early_media", 0)
+modparam("acc", "report_cancels", 0)
+/* by default we do not adjust the direct of the sequential requests.
+   if you enable this parameter, be sure to enable "append_fromtag"
+   in "rr" module */
+modparam("acc", "detect_direction", 0)
+
+loadmodule "proto_udp.so"
+
+####### Routing Logic ########
+
+# main request routing logic
+
+route{
+
+	# Check if ALG present
+	if($rU=="algtest") { 
+		route(algtest);
+	} else {
+		sl_send_reply("403","Forbidden");
+		exit;
+	}
+
+	if (!mf_process_maxfwd_header("10")) {
+		send_reply("483","Too Many Hops");
+		exit;
+	}
+
+	if (has_totag()) {
+
+		# handle hop-by-hop ACK (no routing required)
+		if ( is_method("ACK") && t_check_trans() ) {
+			t_relay();
+			exit;
+		}
+
+		# sequential request within a dialog should
+		# take the path determined by record-routing
+		if ( !loose_route() ) {
+			# we do record-routing for all our traffic, so we should not
+			# receive any sequential requests without Route hdr.
+			send_reply("404","Not here");
+			exit;
+		}
+
+		if (is_method("BYE")) {
+			# do accounting even if the transaction fails
+			do_accounting("log","failed");
+		}
+
+		# route it out to whatever destination was set by loose_route()
+		# in $du (destination URI).
+		route(relay);
+		exit;
+	}
+
+	# CANCEL processing
+	if (is_method("CANCEL")) {
+		if (t_check_trans())
+			t_relay();
+		exit;
+	}
+
+	# absorb retransmissions, but do not create transaction
+	t_check_trans();
+
+	if ( !(is_method("REGISTER")  ) ) {
+
+		if (is_myself("$fd")) {
+
+		} else {
+			# if caller is not local, then called number must be local
+
+			if (!is_myself("$rd")) {
+				send_reply("403","Relay Forbidden");
+				exit;
+			}
+		}
+
+	}
+
+	# preloaded route checking
+	if (loose_route()) {
+		xlog("L_ERR",
+			"Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
+		if (!is_method("ACK"))
+			send_reply("403","Preload Route denied");
+		exit;
+	}
+
+	# record routing
+	if (!is_method("REGISTER|MESSAGE"))
+		record_route();
+
+	# account only INVITEs
+	if (is_method("INVITE")) {
+
+		do_accounting("log");
+	}
+
+
+	if (!is_myself("$rd")) {
+		append_hf("P-hint: outbound\r\n"); 
+
+		route(relay);
+	}
+
+	# requests for my domain
+
+	if (is_method("PUBLISH|SUBSCRIBE")) {
+		send_reply("503", "Service Unavailable");
+		exit;
+	}
+
+	if (is_method("REGISTER")) {
+
+		if (!save("location"))
+			sl_reply_error();
+
+		exit;
+	}
+
+	if ($rU==NULL) {
+		# request with no Username in RURI
+		send_reply("484","Address Incomplete");
+		exit;
+	}
+
+	# do lookup with method filtering
+	if (!lookup("location","m")) {
+		t_reply("404", "Not Found");
+		exit;
+	}
+
+	# when routing via usrloc, log the missed calls also
+	do_accounting("log","missed");
+	route(relay);
+}
+
+
+route[relay] {
+	# for INVITEs enable some additional helper routes
+	if (is_method("INVITE")) {
+		t_on_branch("per_branch_ops");
+		t_on_reply("handle_nat");
+		t_on_failure("missed_call");
+	}
+
+	if (!t_relay()) {
+		send_reply("500","Internal Error");
+	}
+	exit;
+}
+
+route[algtest] {
+	$var(test)=$(hdr(X-ALG-TEST){s.int});
+	$var(hashct)=$(ct.fields(uri){uri.host}{s.md5});
+	$var(hashpreip)=$hdr(X-ALG-PREIP);
+	$var(sdpc)= $(rb{sdp.line,c});
+	$var(sdpcip)=$(var(sdpc){s.substr,9,0});
+	$var(hashsdp)=$(var(sdpcip){s.md5});
+	$var(via)=$hdr(Via);
+	$var(viaip)=$(var(via){s.select,0,:}{s.substr,12,0});
+	$var(hashvia)=$(var(viaip){s.md5});
+	xlog("hash=$var(hashpreip)");
+	xlog("Contact IP=$(ct.fields(uri){uri.host}) hash=$var(hashct)\n");
+	xlog("SDP IP=$var(sdpcip), hash=$var(hashsdp)");
+	xlog("VIA IP=$var(viaip), hash=$var(hashvia)");
+
+	#Contact test
+	if($var(hashpreip)!=$var(hashct) && [$var(test) & 1]) {
+		sl_send_reply("500","ALG detected");
+		exit;
+	} 
+
+	#Via test
+	if($var(hashpreip)!=$var(hashvia) && [$var(test) & 2]) {
+		sl_send_reply("500","ALG detected");
+		exit;
+	} 
+
+	#SDP test
+	if($var(hashpreip)!=$var(hashsdp) && [$var(test) & 4]) {
+		sl_send_reply("500","ALG detected");
+		exit;
+	} 
+
+	sl_send_reply("200","OK");
+	exit;
+
+}
+
+
+branch_route[per_branch_ops] {
+	xlog("new branch at $ru\n");
+}
+
+
+onreply_route[handle_nat] {
+	xlog("incoming reply\n");
+}
+
+
+failure_route[missed_call] {
+	if (t_was_cancelled()) {
+		exit;
+	}
+
+	# uncomment the following lines if you want to block client 
+	# redirect based on 3xx replies.
+	##if (t_check_status("3[0-9][0-9]")) {
+	##t_reply("404","Not found");
+	##	exit;
+	##}
+
+
+}
+
+

pysip.git/HEAD

@@ -0,0 +1 @@
+ref: refs/heads/master

pysip.git/config

@@ -0,0 +1,8 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
+[remote "origin"]
+	url = https://gitlab.sippulse.com/vitor/pysip.git
+	fetch = +refs/*:refs/*
+	mirror = true

pysip.git/description

@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.

pysip.git/hooks/applypatch-msg.sample

@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message taken by
+# applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.  The hook is
+# allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "applypatch-msg".
+
+. git-sh-setup
+commitmsg="$(git rev-parse --git-path hooks/commit-msg)"
+test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"}
+:

pysip.git/hooks/commit-msg.sample

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message.
+# Called by "git commit" with one argument, the name of the file
+# that has the commit message.  The hook should exit with non-zero
+# status after issuing an appropriate message if it wants to stop the
+# commit.  The hook is allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "commit-msg".
+
+# Uncomment the below to add a Signed-off-by line to the message.
+# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
+# hook is more suited to it.
+#
+# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
+
+# This example catches duplicate Signed-off-by lines.
+
+test "" = "$(grep '^Signed-off-by: ' "$1" |
+	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
+	echo >&2 Duplicate Signed-off-by lines.
+	exit 1
+}