Fix for session refresh and IPSec forwarding
This commit is contained in:
herlesupreeth
@@ -14,6 +14,9 @@ alias=IMS_DOMAIN
|
||||
|
||||
#!define ENUM_SUFFIX "IMS_DOMAIN."
|
||||
|
||||
# Maximum lifetime of a subscription in seconds (same is advertised to UE)
|
||||
#!substdef "/UE_SUBSCRIPTION_EXPIRES/SUBSCRIPTION_EXPIRES_ENV/g"
|
||||
|
||||
# SIP-Address of capturing node, if not set, capturing is disabled.
|
||||
##!define CAPTURE_NODE "sip:127.0.0.1:9060"
|
||||
|
||||
|
||||
@@ -11,8 +11,8 @@
|
||||
QueueLength="32"
|
||||
TransactionTimeout="5"
|
||||
SessionsHashSize="128"
|
||||
DefaultAuthSessionTimeout="3600"
|
||||
MaxAuthSessionTimeout="3600"
|
||||
DefaultAuthSessionTimeout="SUBSCRIPTION_EXPIRES_ENV"
|
||||
MaxAuthSessionTimeout="SUBSCRIPTION_EXPIRES_ENV"
|
||||
>
|
||||
|
||||
<Peer FQDN="hss.IMS_DOMAIN" Realm="IMS_DOMAIN" port="PYHSS_BIND_PORT"/>
|
||||
|
||||
@@ -80,11 +80,15 @@ then
|
||||
mysql -u root -h ${MYSQL_IP} icscf -e "INSERT INTO s_cscf_capabilities (id_s_cscf, capability) VALUES ('$SCSCF_ID', 0),('$SCSCF_ID', 1);"
|
||||
fi
|
||||
|
||||
SUBSCRIPTION_EXPIRES_ENV=3600
|
||||
|
||||
sed -i 's|ICSCF_IP|'$ICSCF_IP'|g' /etc/kamailio_icscf/icscf.cfg
|
||||
sed -i 's|SUBSCRIPTION_EXPIRES_ENV|'$SUBSCRIPTION_EXPIRES_ENV'|g' /etc/kamailio_icscf/icscf.cfg
|
||||
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/kamailio_icscf/icscf.cfg
|
||||
sed -i 's|MYSQL_IP|'$MYSQL_IP'|g' /etc/kamailio_icscf/icscf.cfg
|
||||
|
||||
sed -i 's|ICSCF_IP|'$ICSCF_IP'|g' /etc/kamailio_icscf/icscf.xml
|
||||
sed -i 's|SUBSCRIPTION_EXPIRES_ENV|'$SUBSCRIPTION_EXPIRES_ENV'|g' /etc/kamailio_icscf/icscf.xml
|
||||
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/kamailio_icscf/icscf.xml
|
||||
sed -i 's|PYHSS_BIND_PORT|'$PYHSS_BIND_PORT'|g' /etc/kamailio_icscf/icscf.xml
|
||||
sed -i 's|ICSCF_BIND_PORT|'$ICSCF_BIND_PORT'|g' /etc/kamailio_icscf/icscf.xml
|
||||
|
||||
@@ -69,7 +69,7 @@ dns_try_naptr=no
|
||||
#!ifdef WITH_TCP
|
||||
# life time of TCP connection when there is no traffic
|
||||
# - a bit higher than registration expires to cope with UA behind NAT
|
||||
tcp_connection_lifetime=3615
|
||||
tcp_connection_lifetime=UE_SUBSCRIPTION_EXPIRES
|
||||
#!ifdef TCP_PROCESSES
|
||||
tcp_children=TCP_PROCESSES
|
||||
#!endif
|
||||
|
||||
@@ -38,8 +38,8 @@ RUN apt-get update && \
|
||||
|
||||
# Fetch Kamailio code
|
||||
RUN mkdir -p /usr/local/src/ && cd /usr/local/src/ && \
|
||||
git clone https://github.com/kamailio/kamailio && \
|
||||
cd kamailio && git checkout 0da3eb3f94c087b272ebbe19c42fd933146482f8
|
||||
git clone https://github.com/herlesupreeth/kamailio && \
|
||||
cd kamailio && git checkout fix_notify_on_re_subscribe2
|
||||
|
||||
# Build and Install Kamailio
|
||||
RUN cd /usr/local/src/kamailio && make cfg
|
||||
|
||||
@@ -16,7 +16,7 @@ static_modules=
|
||||
skip_modules=
|
||||
|
||||
# the list of modules to exclude from compile list
|
||||
exclude_modules= malloc_test app_sqlang acc_json acc_radius app_java app_lua app_lua_sr app_mono app_perl app_python app_python3 app_python3s app_ruby app_ruby_proc auth_ephemeral auth_identity auth_radius cnxcc cplc crypto db2_ldap db_berkeley db_cassandra db_mongodb db_oracle db_perlvdb db_postgres db_redis db_sqlite db_unixodbc dnssec erlang evapi geoip geoip2 gzcompress h350 janssonrpcc jsonrpcc jwt kafka kazoo lcr ldap log_systemd lost lwsc memcached microhttpd misc_radius mqtt nats ndb_cassandra ndb_mongodb ndb_redis nsq osp peering phonenum rabbitmq regex rls rtp_media_server ruxc secsipid secsipid_proc slack snmpstats stirshaken systemdops tls_wolfssl tlsa topos_redis websocket xhttp_pi xmpp $(skip_modules)
|
||||
exclude_modules= malloc_test app_sqlang acc_json acc_radius app_java app_lua app_lua_sr app_mono app_perl app_python app_python3 app_python3s app_ruby app_ruby_proc auth_ephemeral auth_identity auth_radius cnxcc cplc crypto db2_ldap db_berkeley db_cassandra db_mongodb db_oracle db_perlvdb db_postgres db_redis db_sqlite db_unixodbc dnssec erlang evapi geoip geoip2 gzcompress h350 ims_qos_npn janssonrpcc jsonrpcc jwt kafka kazoo lcr ldap log_systemd lost lwsc memcached microhttpd misc_radius mqtt msrp nats ndb_cassandra ndb_mongodb ndb_redis nsq osp peering phonenum presence_dfks print rabbitmq regex rls rtp_media_server ruxc secsipid secsipid_proc slack snmpstats stirshaken systemdops tls_wolfssl tlsa topos_redis websocket xhttp_pi xmpp $(skip_modules)
|
||||
|
||||
modules_all= $(filter-out modules/CVS,$(wildcard modules/*))
|
||||
modules_noinc= $(filter-out $(addprefix modules/, $(exclude_modules) $(static_modules)), $(modules_all))
|
||||
|
||||
@@ -103,7 +103,7 @@ enable_tls=yes
|
||||
#!ifdef WITH_TCP
|
||||
# life time of TCP connection when there is no traffic
|
||||
# - a bit higher than registration expires to cope with UA behind NAT
|
||||
tcp_connection_lifetime=36000
|
||||
tcp_connection_lifetime=UE_SUBSCRIPTION_EXPIRES
|
||||
# If a message received over a tcp connection has "alias" in its via a new tcp
|
||||
# alias port will be created for the connection the message came from (the
|
||||
# alias port will be set to the via one).
|
||||
@@ -290,21 +290,20 @@ modparam("pike", "remove_latency", 4)
|
||||
# ip ban htable with autoexpire after 5 minutes
|
||||
modparam("htable", "htable", "ipban=>size=8;autoexpire=300")
|
||||
modparam("htable", "htable", "failedauth=>size=8;autoexpire=120")
|
||||
modparam("htable", "htable", "natpingfrom=>size=8;autoexpire=600000;")
|
||||
modparam("htable", "htable", "natpingfrom=>size=8;autoexpire=UE_SUBSCRIPTION_EXPIRES;")
|
||||
#!endif
|
||||
|
||||
modparam("htable", "htable", "contact=>size=8;autoexpire=20")
|
||||
modparam("htable", "htable", "a=>size=8;autoexpire=20")
|
||||
|
||||
#!ifdef WITH_IMS_HDR_CACHE
|
||||
modparam("htable", "htable", "serviceroutes=>size=16;autoexpire=14400;")
|
||||
modparam("htable", "htable", "associateduris=>size=16;autoexpire=14400;")
|
||||
modparam("htable", "htable", "serviceroutes=>size=16;autoexpire=UE_SUBSCRIPTION_EXPIRES;")
|
||||
modparam("htable", "htable", "associateduris=>size=16;autoexpire=UE_SUBSCRIPTION_EXPIRES;")
|
||||
#!endif
|
||||
|
||||
#!ifdef WITH_NATPING
|
||||
modparam("htable", "htable", "natping=>size=8;autoexpire=600000;")
|
||||
modparam("htable", "htable", "natpingfail=>size=8;autoexpire=600000;")
|
||||
modparam("htable", "htable", "natpingfrom=>size=8;autoexpire=600000;")
|
||||
modparam("htable", "htable", "natping=>size=8;autoexpire=UE_SUBSCRIPTION_EXPIRES;")
|
||||
modparam("htable", "htable", "natpingfail=>size=8;autoexpire=UE_SUBSCRIPTION_EXPIRES;")
|
||||
modparam("htable", "htable", "natpingfrom=>size=8;autoexpire=UE_SUBSCRIPTION_EXPIRES;")
|
||||
#!ifdef DB_URL2
|
||||
modparam("sqlops","sqlcon","pcscf=>cluster://cluster1")
|
||||
#!else
|
||||
@@ -402,7 +401,7 @@ modparam("ims_registrar_pcscf", "is_registered_fallback2ip", 1)
|
||||
modparam("ims_registrar_pcscf", "ignore_reg_state", 1)
|
||||
modparam("ims_registrar_pcscf", "ignore_contact_rxport_check", 1)
|
||||
modparam("ims_registrar_pcscf", "pending_reg_expires", 30)
|
||||
modparam("ims_registrar_pcscf", "subscription_expires", 36000)
|
||||
modparam("ims_registrar_pcscf", "subscription_expires", UE_SUBSCRIPTION_EXPIRES)
|
||||
modparam("ims_registrar_pcscf", "delete_delay", CONTACT_DELETE_DELAY)
|
||||
modparam("ims_usrloc_pcscf", "expires_grace", 120)
|
||||
|
||||
@@ -422,7 +421,7 @@ modparam("ims_ipsec_pcscf", "ipsec_server_port", IPSEC_SERVER_PORT)
|
||||
modparam("ims_ipsec_pcscf", "ipsec_spi_id_start", 4096)
|
||||
modparam("ims_ipsec_pcscf", "ipsec_max_connections", IPSEC_MAX_CONN)
|
||||
modparam("ims_ipsec_pcscf", "ipsec_preferred_ealg", "null")
|
||||
modparam("htable", "htable", "ipsec_clients=>size=8;autoexpire=600000;")
|
||||
modparam("htable", "htable", "ipsec_clients=>size=8;autoexpire=UE_SUBSCRIPTION_EXPIRES;")
|
||||
#!endif
|
||||
|
||||
#!ifdef WITH_RX
|
||||
@@ -435,7 +434,7 @@ modparam("ims_qos", "confirmed_qosrelease_headers", "X-Reason: QoS failed\r\n")
|
||||
modparam("ims_qos", "authorize_video_flow", 1)
|
||||
modparam("ims_qos", "af_signaling_ip", RX_AF_SIGNALING_IP)
|
||||
modparam("ims_qos", "include_rtcp_fd", 1)
|
||||
modparam("ims_qos", "rx_auth_expiry", 36000)
|
||||
modparam("ims_qos", "rx_auth_expiry", UE_SUBSCRIPTION_EXPIRES)
|
||||
modparam("ims_qos", "recv_mode", 1)
|
||||
modparam("ims_qos", "dialog_direction", RX_IMS_REG_DIALOG_DIRECTION)
|
||||
#!endif
|
||||
@@ -527,6 +526,17 @@ route {
|
||||
# per request initial checks
|
||||
route(REQINIT);
|
||||
|
||||
#!ifdef WITH_IPSEC
|
||||
if (is_request() && is_method("REGISTER")) {
|
||||
sht_lock("ipsec_clients=>ipsec_clients_lock");
|
||||
$sht(ipsec_clients=>$si) = $null;
|
||||
if ($hdrc(Security-Client) == 1) {
|
||||
$sht(ipsec_clients=>$si) = 1;
|
||||
}
|
||||
sht_unlock("ipsec_clients=>ipsec_clients_lock");
|
||||
}
|
||||
#!endif
|
||||
|
||||
# CANCEL processing
|
||||
if (is_method("CANCEL")) {
|
||||
if (t_check_trans()) {
|
||||
@@ -661,7 +671,7 @@ route {
|
||||
#!endif
|
||||
} else {
|
||||
force_rport();
|
||||
if(is_method("INVITE|SUBSCRIBE|UPDATE|REGISTER")) {
|
||||
if(is_method("INVITE|REGISTER")) {
|
||||
add_contact_alias();
|
||||
}
|
||||
setflag(FLT_NAT);
|
||||
@@ -832,11 +842,6 @@ route[WITHINDLG] {
|
||||
#}
|
||||
}
|
||||
|
||||
if ( is_method("ACK") && ($sht(contact=>$ci) != $null) ) {
|
||||
xlog("Contact of Reply: $sht(contact=>$ci) ($ci)\n");
|
||||
$ru = $sht(contact=>$ci);
|
||||
}
|
||||
|
||||
if ($route_uri =~ "sip:mt@.*") {
|
||||
route(MT_indialog);
|
||||
} else {
|
||||
|
||||
@@ -54,6 +54,9 @@ alias=pcscf.IMS_DOMAIN
|
||||
|
||||
#!define TCP_PROCESSES 8
|
||||
|
||||
# Maximum lifetime of a subscription in seconds (same is advertised to UE)
|
||||
#!substdef "/UE_SUBSCRIPTION_EXPIRES/SUBSCRIPTION_EXPIRES_ENV/g"
|
||||
|
||||
#!subst "/NETWORKNAME/IMS_DOMAIN/g"
|
||||
#!subst "/HOSTNAME/pcscf.IMS_DOMAIN/g"
|
||||
#!subst "/PCRF_REALM/EPC_DOMAIN/g"
|
||||
@@ -127,7 +130,7 @@ alias=pcscf.IMS_DOMAIN
|
||||
# Enabled Features for this host:
|
||||
##!define WITH_DEBUG
|
||||
#!define WITH_NAT
|
||||
#!define WITH_NATPING
|
||||
##!define WITH_NATPING
|
||||
#!define FORCE_RTPRELAY
|
||||
##!define WITH_TLS
|
||||
##!define WITH_XMLRPC
|
||||
|
||||
@@ -11,8 +11,8 @@
|
||||
QueueLength="8"
|
||||
TransactionTimeout="5"
|
||||
SessionsHashSize="128"
|
||||
DefaultAuthSessionTimeout="3600"
|
||||
MaxAuthSessionTimeout="3600"
|
||||
DefaultAuthSessionTimeout="SUBSCRIPTION_EXPIRES_ENV"
|
||||
MaxAuthSessionTimeout="SUBSCRIPTION_EXPIRES_ENV"
|
||||
>
|
||||
<Peer FQDN="pcrf.EPC_DOMAIN" Realm="EPC_DOMAIN" port="PCRF_BIND_PORT"/>
|
||||
|
||||
|
||||
@@ -73,7 +73,10 @@ then
|
||||
sed -i 's|##!define WITH_N5\b|#!define WITH_N5|g' /etc/kamailio_pcscf/pcscf.cfg
|
||||
fi
|
||||
|
||||
SUBSCRIPTION_EXPIRES_ENV=3600
|
||||
|
||||
sed -i 's|PCSCF_IP|'$PCSCF_IP'|g' /etc/kamailio_pcscf/pcscf.cfg
|
||||
sed -i 's|SUBSCRIPTION_EXPIRES_ENV|'$SUBSCRIPTION_EXPIRES_ENV'|g' /etc/kamailio_pcscf/pcscf.cfg
|
||||
sed -i 's|SCP_IP|'$SCP_IP'|g' /etc/kamailio_pcscf/pcscf.cfg
|
||||
sed -i 's|PCSCF_PUB_IP|'$PCSCF_PUB_IP'|g' /etc/kamailio_pcscf/pcscf.cfg
|
||||
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/kamailio_pcscf/pcscf.cfg
|
||||
@@ -81,6 +84,7 @@ sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/kamailio_pcscf/pcscf.cfg
|
||||
sed -i 's|MYSQL_IP|'$MYSQL_IP'|g' /etc/kamailio_pcscf/pcscf.cfg
|
||||
|
||||
sed -i 's|PCSCF_IP|'$PCSCF_IP'|g' /etc/kamailio_pcscf/pcscf.xml
|
||||
sed -i 's|SUBSCRIPTION_EXPIRES_ENV|'$SUBSCRIPTION_EXPIRES_ENV'|g' /etc/kamailio_pcscf/pcscf.xml
|
||||
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/kamailio_pcscf/pcscf.xml
|
||||
sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/kamailio_pcscf/pcscf.xml
|
||||
sed -i 's|PCRF_BIND_PORT|'$PCRF_BIND_PORT'|g' /etc/kamailio_pcscf/pcscf.xml
|
||||
|
||||
@@ -8,6 +8,7 @@ route[MO]
|
||||
xnotice("PCSCF MO: \n Destination URI: $du\n Request URI: $ru\n");
|
||||
xnotice("Source IP and Port: ($si:$sp)\n Route-URI: $route_uri\n");
|
||||
xnotice("Received IP and Port: ($Ri:$Rp)\n");
|
||||
xnotice("Next hop domain: ($nh(d))\n");
|
||||
xnotice("Contact header: $ct\n");
|
||||
|
||||
# Process route headers, if any:
|
||||
@@ -319,6 +320,7 @@ onreply_route[MO_reply] {
|
||||
xnotice("PCSCF MO_reply: \n Destination URI: $du\n Request URI: $ru\n");
|
||||
xnotice("Source IP and Port: ($si:$sp)\n Route-URI: $route_uri\n");
|
||||
xnotice("Received IP and Port: ($Ri:$Rp)\n");
|
||||
xnotice("Next hop domain: ($nh(d))\n");
|
||||
xnotice("Contact header: $ct\n");
|
||||
if (is_present_hf("C-Params")) {
|
||||
remove_hf("Contact");
|
||||
@@ -364,7 +366,12 @@ onreply_route[MO_reply] {
|
||||
#!endif
|
||||
|
||||
#!ifdef WITH_IPSEC
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
sht_lock("ipsec_clients=>ipsec_clients_lock");
|
||||
if ($nh(d) != $null && $sht(ipsec_clients=>$nh(d)) != $null) {
|
||||
# IPSec forward only if its an IPsec client
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
}
|
||||
sht_unlock("ipsec_clients=>ipsec_clients_lock");
|
||||
#!endif
|
||||
# In case of 1xx and 2xx do NAT
|
||||
if(status=~"[12][0-9][0-9]")
|
||||
@@ -451,6 +458,7 @@ route[MO_indialog] {
|
||||
xnotice("PCSCF MO_indialog: \n Destination URI: $du\n Request URI: $ru\n");
|
||||
xnotice("Source IP and Port: ($si:$sp)\n Route-URI: $route_uri\n");
|
||||
xnotice("Received IP and Port: ($Ri:$Rp)\n");
|
||||
xnotice("Next hop domain: ($nh(d))\n");
|
||||
xnotice("Contact header: $ct\n");
|
||||
setflag(FLT_MOBILE_ORIG);
|
||||
t_on_reply("MO_indialog_reply");
|
||||
@@ -461,11 +469,12 @@ route[MO_indialog] {
|
||||
}
|
||||
|
||||
#!ifdef WITH_IPSEC
|
||||
if ($dd != "" && $rd != "" && $fs != "") {
|
||||
if ($rd =~ ".*" + $dd + ".*") {
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
}
|
||||
sht_lock("ipsec_clients=>ipsec_clients_lock");
|
||||
if ($nh(d) != $null && $sht(ipsec_clients=>$nh(d)) != $null) {
|
||||
# IPSec forward only if its an IPsec client
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
}
|
||||
sht_unlock("ipsec_clients=>ipsec_clients_lock");
|
||||
#!endif
|
||||
}
|
||||
|
||||
@@ -473,6 +482,7 @@ onreply_route[MO_indialog_reply] {
|
||||
xnotice("PCSCF MO_indialog_reply: \n Destination URI: $du\n Request URI: $ru\n");
|
||||
xnotice("Source IP and Port: ($si:$sp)\n Route-URI: $route_uri\n");
|
||||
xnotice("Received IP and Port: ($Ri:$Rp)\n");
|
||||
xnotice("Next hop domain: ($nh(d))\n");
|
||||
xnotice("Contact header: $ct\n");
|
||||
|
||||
#!ifdef WITH_N5
|
||||
@@ -487,6 +497,14 @@ onreply_route[MO_indialog_reply] {
|
||||
}
|
||||
#!endif
|
||||
|
||||
#!ifdef WITH_IPSEC
|
||||
sht_lock("ipsec_clients=>ipsec_clients_lock");
|
||||
if ($nh(d) != $null && $sht(ipsec_clients=>$nh(d)) != $null) {
|
||||
# IPSec forward only if its an IPsec client
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
}
|
||||
sht_unlock("ipsec_clients=>ipsec_clients_lock");
|
||||
#!endif
|
||||
# In case of 1xx and 2xx do NAT
|
||||
if(status=~"[12][0-9][0-9]")
|
||||
route(NATMANAGE);
|
||||
|
||||
@@ -5,6 +5,7 @@ route[MT] {
|
||||
xnotice("PCSCF MT: \n Destination URI: $du\n Request URI: $ru\n");
|
||||
xnotice("Source IP and Port: ($si:$sp)\n Route-URI: $route_uri\n");
|
||||
xnotice("Received IP and Port: ($Ri:$Rp)\n");
|
||||
xnotice("Next hop domain: ($nh(d))\n");
|
||||
xnotice("Contact header: $ct\n");
|
||||
xnotice("Term UE connection information : IP is $dd and Port is $rp \n");
|
||||
xnotice("Term P-CSCF connection information : IP is $RAi and Port is $RAp \n");
|
||||
@@ -17,7 +18,12 @@ route[MT] {
|
||||
#!endif
|
||||
|
||||
#!ifdef WITH_IPSEC
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
sht_lock("ipsec_clients=>ipsec_clients_lock");
|
||||
if ($nh(d) != $null && $sht(ipsec_clients=>$nh(d)) != $null) {
|
||||
# IPSec forward only if its an IPsec client
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
}
|
||||
sht_unlock("ipsec_clients=>ipsec_clients_lock");
|
||||
#!endif
|
||||
t_on_reply("MT_reply");
|
||||
}
|
||||
@@ -29,6 +35,7 @@ onreply_route[MT_reply] {
|
||||
xnotice("PCSCF MT_reply: \n Destination URI: $du\n Request URI: $ru\n");
|
||||
xnotice("Source IP and Port: ($si:$sp)\n Route-URI: $route_uri\n");
|
||||
xnotice("Received IP and Port: ($Ri:$Rp)\n");
|
||||
xnotice("Next hop domain: ($nh(d))\n");
|
||||
xnotice("Contact header: $ct\n");
|
||||
if (!strempty($(ct{tobody.params}))) {
|
||||
append_hf("C-Params: $(ct{tobody.params})\r\n");
|
||||
@@ -126,6 +133,7 @@ route[MT_indialog] {
|
||||
xnotice("PCSCF MT_indialog: \n Destination URI: $du\n Request URI: $ru\n");
|
||||
xnotice("Source IP and Port: ($si:$sp)\n Route-URI: $route_uri\n");
|
||||
xnotice("Received IP and Port: ($Ri:$Rp)\n");
|
||||
xnotice("Next hop domain: ($nh(d))\n");
|
||||
xnotice("Contact header: $ct\n");
|
||||
#resetflag(FLT_MOBILE_ORIG);
|
||||
t_on_reply("MT_indialog_reply");
|
||||
@@ -136,11 +144,12 @@ route[MT_indialog] {
|
||||
}
|
||||
|
||||
#!ifdef WITH_IPSEC
|
||||
if ($dd != "" && $rd != "" && $fs != "") {
|
||||
if ($rd =~ ".*" + $dd + ".*") {
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
}
|
||||
sht_lock("ipsec_clients=>ipsec_clients_lock");
|
||||
if ($nh(d) != $null && $sht(ipsec_clients=>$nh(d)) != $null) {
|
||||
# IPSec forward only if its an IPsec client
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
}
|
||||
sht_unlock("ipsec_clients=>ipsec_clients_lock");
|
||||
#!endif
|
||||
}
|
||||
|
||||
@@ -148,6 +157,7 @@ onreply_route[MT_indialog_reply] {
|
||||
xnotice("PCSCF MT_indialog_reply: \n Destination URI: $du\n Request URI: $ru\n");
|
||||
xnotice("Source IP and Port: ($si:$sp)\n Route-URI: $route_uri\n");
|
||||
xnotice("Received IP and Port: ($Ri:$Rp)\n");
|
||||
xnotice("Next hop domain: ($nh(d))\n");
|
||||
xnotice("Contact header: $ct\n");
|
||||
|
||||
#!ifdef WITH_N5
|
||||
@@ -162,6 +172,14 @@ onreply_route[MT_indialog_reply] {
|
||||
}
|
||||
#!endif
|
||||
|
||||
#!ifdef WITH_IPSEC
|
||||
sht_lock("ipsec_clients=>ipsec_clients_lock");
|
||||
if ($nh(d) != $null && $sht(ipsec_clients=>$nh(d)) != $null) {
|
||||
# IPSec forward only if its an IPsec client
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
}
|
||||
sht_unlock("ipsec_clients=>ipsec_clients_lock");
|
||||
#!endif
|
||||
# In case of 1xx and 2xx do NAT
|
||||
if(status=~"[12][0-9][0-9]")
|
||||
route(NATMANAGE);
|
||||
|
||||
@@ -36,13 +36,6 @@ route[REGISTER] {
|
||||
}
|
||||
#!endif
|
||||
|
||||
#!ifdef WITH_IPSEC
|
||||
$sht(ipsec_clients=>$(ct{nameaddr.uri})) = $null;
|
||||
if ($hdr(Security-Client) =~ ".*ipsec-3gpp.*") {
|
||||
$sht(ipsec_clients=>$(ct{nameaddr.uri})) = 1;
|
||||
}
|
||||
#!endif
|
||||
|
||||
# Strip additional Tags from RURI:
|
||||
if ($rU == $null)
|
||||
$ru = "sip:"+$rd;
|
||||
@@ -272,14 +265,20 @@ onreply_route[REGISTER_reply]
|
||||
update_stat("register_success", "+1");
|
||||
update_stat("register_time", "$var(stat_add)");
|
||||
#!ifdef WITH_IPSEC
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
sht_lock("ipsec_clients=>ipsec_clients_lock");
|
||||
if ($sht(ipsec_clients=>$T_req($si)) != $null) {
|
||||
# IPSec forward only if its an IPsec client
|
||||
ipsec_forward("location", IPSEC_FORWARD_FLAGS);
|
||||
}
|
||||
sht_unlock("ipsec_clients=>ipsec_clients_lock");
|
||||
}
|
||||
else {
|
||||
if (t_check_status("401")) {
|
||||
if($(T_req($hdr(Security-Client))) != $null && ipsec_create("location", IPSEC_DELETE_UNUSED_TUNNELS)!=1) {
|
||||
send_reply("503", "Service Unavailable (Create ipsec failed)");
|
||||
}
|
||||
if ($sht(ipsec_clients=>$(T_req($ct){nameaddr.uri})) != $null) {
|
||||
sht_lock("ipsec_clients=>ipsec_clients_lock");
|
||||
if ($sht(ipsec_clients=>$T_req($si)) != $null) {
|
||||
$var(sec_client) = $(T_req($hdr(Security-Client)));
|
||||
xnotice("Security-Client=$var(sec_client)\n");
|
||||
$var(sc_port_c) = $(var(sec_client){re.subst,/.*port-c=([0-9]*).*$/\1/s});
|
||||
@@ -287,6 +286,7 @@ onreply_route[REGISTER_reply]
|
||||
$var(sc_port_s) = $(var(sec_client){re.subst,/.*port-s=([0-9]*).*$/\1/s});
|
||||
xnotice("port-s=$var(sc_port_s)\n");
|
||||
}
|
||||
sht_unlock("ipsec_clients=>ipsec_clients_lock");
|
||||
xnotice("Expires=$(T_req($expires(min)))\n");
|
||||
if (is_present_hf("WWW-Authenticate")) {
|
||||
# Remove ck and ik:
|
||||
|
||||
@@ -87,7 +87,7 @@ use_dns_cache=off
|
||||
#!ifdef WITH_TCP
|
||||
# life time of TCP connection when there is no traffic
|
||||
# - a bit higher than registration expires to cope with UA behind NAT
|
||||
tcp_connection_lifetime=3615
|
||||
tcp_connection_lifetime=UE_SUBSCRIPTION_EXPIRES
|
||||
#!ifdef TCP_PROCESSES
|
||||
tcp_children=TCP_PROCESSES
|
||||
#!endif
|
||||
@@ -222,10 +222,10 @@ modparam("rr", "custom_user_avp", "$avp(RR_CUSTOM_USER_AVP)")
|
||||
# -- usrloc params --
|
||||
modparam("ims_usrloc_scscf", "enable_debug_file", 0)
|
||||
modparam("ims_usrloc_scscf", "matching_mode", 0)
|
||||
modparam("ims_usrloc_scscf", "maxcontact", 1) # set to one as workaround for instable Link
|
||||
modparam("ims_usrloc_scscf", "maxcontact_3gpp", 1) # set to one as workaround for instable Link
|
||||
modparam("ims_usrloc_scscf", "maxcontact", 2)
|
||||
modparam("ims_usrloc_scscf", "maxcontact_3gpp", 2)
|
||||
modparam("ims_registrar_scscf", "max_contacts", 5)
|
||||
modparam("ims_usrloc_scscf", "maxcontact_behaviour", 2) #overwrite
|
||||
modparam("ims_usrloc_scscf", "maxcontact_behaviour", 2)
|
||||
#!ifdef DB_URL
|
||||
#!ifdef DB_URL2
|
||||
modparam("ims_usrloc_scscf", "db_url", "cluster://cluster1")
|
||||
@@ -234,9 +234,9 @@ modparam("ims_usrloc_scscf", "db_url", DB_URL)
|
||||
#!endif
|
||||
modparam("ims_usrloc_scscf", "db_mode", 0)
|
||||
#!endif
|
||||
modparam("ims_registrar_scscf", "subscription_default_expires", 654800)
|
||||
modparam("ims_registrar_scscf", "subscription_min_expires", 3700)
|
||||
modparam("ims_registrar_scscf", "subscription_max_expires", 605800)
|
||||
modparam("ims_registrar_scscf", "subscription_default_expires", UE_SUBSCRIPTION_EXPIRES)
|
||||
modparam("ims_registrar_scscf", "subscription_min_expires", UE_SUBSCRIPTION_EXPIRES)
|
||||
modparam("ims_registrar_scscf", "subscription_max_expires", UE_SUBSCRIPTION_EXPIRES)
|
||||
|
||||
# -- CDP params --
|
||||
modparam("cdp","config_file","/etc/kamailio_scscf/scscf.xml")
|
||||
@@ -287,8 +287,8 @@ modparam("ims_auth", "av_check_only_impu", 1)
|
||||
|
||||
modparam("ims_auth", "max_nonce_reuse", 20)
|
||||
modparam("ims_auth", "auth_vector_timeout", 60)
|
||||
modparam("ims_auth", "auth_data_timeout", 600000)
|
||||
modparam("ims_auth", "auth_used_vector_timeout", 600000)
|
||||
modparam("ims_auth", "auth_data_timeout", UE_SUBSCRIPTION_EXPIRES)
|
||||
modparam("ims_auth", "auth_used_vector_timeout", UE_SUBSCRIPTION_EXPIRES)
|
||||
modparam("ims_auth", "av_request_at_once", 1)
|
||||
modparam("ims_auth", "av_request_at_sync", 1)
|
||||
modparam("ims_auth", "registration_qop", "auth")
|
||||
@@ -299,9 +299,9 @@ modparam("ims_registrar_scscf", "default_expires", 60)
|
||||
modparam("ims_registrar_scscf", "min_expires", 60)
|
||||
modparam("ims_registrar_scscf", "max_expires", 60)
|
||||
#!else
|
||||
modparam("ims_registrar_scscf", "default_expires", 604800)
|
||||
modparam("ims_registrar_scscf", "min_expires", 60)
|
||||
modparam("ims_registrar_scscf", "max_expires", 604800)
|
||||
modparam("ims_registrar_scscf", "default_expires", UE_SUBSCRIPTION_EXPIRES)
|
||||
modparam("ims_registrar_scscf", "min_expires", UE_SUBSCRIPTION_EXPIRES)
|
||||
modparam("ims_registrar_scscf", "max_expires", UE_SUBSCRIPTION_EXPIRES)
|
||||
#!endif
|
||||
modparam("ims_registrar_scscf", "use_path", 1)
|
||||
modparam("ims_registrar_scscf", "support_wildcardPSI",1)
|
||||
@@ -348,6 +348,7 @@ modparam("ims_charging", "ro_forced_peer", RO_FORCED_PEER);
|
||||
#!endif
|
||||
modparam("ims_charging", "destination_host", RO_DESTINATION);
|
||||
modparam("ims_charging", "destination_realm", NETWORKNAME);
|
||||
modparam("ims_charging", "ro_auth_expiry", UE_SUBSCRIPTION_EXPIRES)
|
||||
|
||||
modparam("ims_charging","service_context_id_root", RO_ROOT);
|
||||
modparam("ims_charging","service_context_id_ext", RO_EXT);
|
||||
|
||||
@@ -42,6 +42,9 @@ alias=scscf.IMS_DOMAIN
|
||||
# Number of TCP Processes
|
||||
#!define TCP_PROCESSES 3
|
||||
|
||||
# Maximum lifetime of a subscription in seconds (same is advertised to UE)
|
||||
#!substdef "/UE_SUBSCRIPTION_EXPIRES/SUBSCRIPTION_EXPIRES_ENV/g"
|
||||
|
||||
##!define RO_FORCED_PEER "32260@3gpp.org"
|
||||
#!define RO_DESTINATION "hssocs.voiceblue.com"
|
||||
#!define RO_ROOT "32260@3gpp.org"
|
||||
|
||||
@@ -11,8 +11,8 @@
|
||||
QueueLength="32"
|
||||
TransactionTimeout="5"
|
||||
SessionsHashSize="128"
|
||||
DefaultAuthSessionTimeout="3600"
|
||||
MaxAuthSessionTimeout="3600"
|
||||
DefaultAuthSessionTimeout="SUBSCRIPTION_EXPIRES_ENV"
|
||||
MaxAuthSessionTimeout="SUBSCRIPTION_EXPIRES_ENV"
|
||||
>
|
||||
<Peer FQDN="hss.IMS_DOMAIN" Realm="IMS_DOMAIN" port="PYHSS_BIND_PORT"/>
|
||||
|
||||
|
||||
@@ -66,12 +66,16 @@ fi
|
||||
|
||||
export IMS_SLASH_DOMAIN=`echo $IMS_DOMAIN | sed 's/\./\\\./g'`
|
||||
|
||||
SUBSCRIPTION_EXPIRES_ENV=3600
|
||||
|
||||
sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/kamailio_scscf/scscf.cfg
|
||||
sed -i 's|SUBSCRIPTION_EXPIRES_ENV|'$SUBSCRIPTION_EXPIRES_ENV'|g' /etc/kamailio_scscf/scscf.cfg
|
||||
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/kamailio_scscf/scscf.cfg
|
||||
sed -i 's|IMS_SLASH_DOMAIN|'$IMS_SLASH_DOMAIN'|g' /etc/kamailio_scscf/scscf.cfg
|
||||
sed -i 's|MYSQL_IP|'$MYSQL_IP'|g' /etc/kamailio_scscf/scscf.cfg
|
||||
|
||||
sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/kamailio_scscf/scscf.xml
|
||||
sed -i 's|SUBSCRIPTION_EXPIRES_ENV|'$SUBSCRIPTION_EXPIRES_ENV'|g' /etc/kamailio_scscf/scscf.xml
|
||||
sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/kamailio_scscf/scscf.xml
|
||||
sed -i 's|PYHSS_BIND_PORT|'$PYHSS_BIND_PORT'|g' /etc/kamailio_scscf/scscf.xml
|
||||
sed -i 's|SCSCF_BIND_PORT|'$SCSCF_BIND_PORT'|g' /etc/kamailio_scscf/scscf.xml
|
||||
|
||||
@@ -12,6 +12,6 @@ listen=tcp:SMSC_IP:7090
|
||||
|
||||
#!subst "/NEXMO_APIKEY/abcdef/"
|
||||
#!subst "/NEXMO_APISECRET/xyz/"
|
||||
#!subst "/SUBSCRIBE_EXPIRE/7200/"
|
||||
#!subst "/SUBSCRIBE_EXPIRE/3600/"
|
||||
|
||||
#!define WITH_DEBUG
|
||||
|
||||
Reference in New Issue
Block a user