SER example pstn
SER managing a telephony gateway
example: ser configured as PSTN gateway guard; PSTN gateway is located at 192.168.0.10- $Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $
- ------------------ module loading ----------------------------------
loadmodule "modules/sl/sl.so"
loadmodule "modules/tm/tm.so"
loadmodule "modules/acc/acc.so"
loadmodule "modules/rr/rr.so"
loadmodule "modules/maxfwd/maxfwd.so"
loadmodule "modules/mysql/mysql.so"
loadmodule "modules/auth/auth.so"
loadmodule "modules/auth_db/auth_db.so"
loadmodule "modules/group/group.so"
loadmodule "modules/uri/uri.so"
- ----------------- setting module-specific parameters ---------------
modparam("auth_db", "db_url","sql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
- — acc params --
- that is the flag for which we will account — don't forget to
- set the same one :-)
- ------------------------- request routing logic -------------------
- main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
- filter too old messages
log("LOG: Too many hops\n");
sl_send_reply("483","Too Many Hops");
break;
};
if (len_gt( max_len )) {
sl_send_reply("513", "Wow — Message too large");
break;
};
/* ********* RR ********************************** */
/* grant Route routing if route headers present */
if (loose_route()) { t_relay(); break; };
/* record-route INVITEs — all subsequent requests must visit us */
if (method=="INVITE") {
record_route();
};
- now check if it really is a PSTN destination which should be handled
- by our gateway; if not, and the request is an invitation, drop it --
- we cannot terminate it in PSTN; relay non-INVITE requests — it may
- be for example BYEs sent by gateway to call originator
if (method=="INVITE") {
sl_send_reply("403", "Call cannot be served here");
} else {
forward(uri:host, uri:port);
};
break;
};
- account completed transactions via syslog
- free call destinations ... no authentication needed
| uri=~"sip:[79][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip:98[0-9][0-9][0-9][0-9]") {
log("free call");
} else if (src_ip==192.168.0.10) {
- our gateway doesn't support digest authentication;
- verify that a request is coming from it by source
- address
} else {
- in all other cases, we need to check the request against
- access control lists; first of all, verify request
- originator's identity
if (!proxy_authorize( "gateway" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "gateway" /* realm */, "0" /* no qop */ );
break;
};
- authorize only for INVITEs — RR/Contact may result in weird
- things showing up in d-uri that would break our logic; our
- major concern is INVITE which causes PSTN costs
if (method=="INVITE") {
- does the authenticated user have a permission for local
- calls (destinations beginning with a single zero)?
- (i.e., is he in the "local" group?)
if (!is_user_in("credentials", "local")) {
sl_send_reply("403", "No permission for local calls");
break;
};
- the same for long-distance (destinations begin with two zeros")
if (!is_user_in("credentials", "ld")) {
sl_send_reply("403", " no permission for LD ");
break;
};
- the same for international calls (three zeros)
if (!is_user_in("credentials", "int")) {
sl_send_reply("403", "International permissions needed");
break;
};
- everything else (e.g., interplanetary calls) is denied
sl_send_reply("403", "Forbidden");
break;
};
}; # INVITE to authorized PSTN
}; # authorized PSTN
- if you have passed through all the checks, let your call go to GW!
rewritehostport("192.168.0.10:5060");
- forward the request now
sl_reply_error();
break;
};
}
See also
- SIP method invite
- Used SER modules
Back to SER tips and tricks
Page Changes
Featured -
Search:
