SER example pstn

SER managing a telephony gateway

example: ser configured as PSTN gateway guard; PSTN gateway is located at 192.168.0.10

# $Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $

# ------------------ module loading ----------------------------------

loadmodule "modules/sl/sl.so"
loadmodule "modules/tm/tm.so"
loadmodule "modules/acc/acc.so"
loadmodule "modules/rr/rr.so"
loadmodule "modules/maxfwd/maxfwd.so"
loadmodule "modules/mysql/mysql.so"
loadmodule "modules/auth/auth.so"
loadmodule "modules/auth_db/auth_db.so"
loadmodule "modules/group/group.so"
loadmodule "modules/uri/uri.so"

# ----------------- setting module-specific parameters ---------------

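# NOTE(review): the database URL carries the DB account password inline
# (sample value here); a deployed config file should be readable only by
# the account SER runs under
modparam("auth_db", "db_url","sql://ser:heslo@localhost/ser")
# calculate_ha1=yes makes auth_db compute HA1 from the value stored in
# password_column, i.e. the subscriber table holds plaintext passwords
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")

# -- acc params --
modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one :-)
modparam("acc", "log_flag", 1 )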

# ------------------------- request routing logic -------------------

# main routing logic

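route{

    /* ********* ROUTINE CHECKS ********************************** */

    # filter too old messages
    if (!mf_process_maxfwd_header("10")) {
        log("LOG: Too many hops\n");
        sl_send_reply("483","Too Many Hops");
        break;
    };
    # reject oversized requests before doing any further work on them
    if (len_gt( max_len )) {
        sl_send_reply("513", "Wow — Message too large");
        break;
    };

    /* ********* RR ********************************** */

    /* grant Route routing if route headers present */
    # NOTE(review): this relay happens before the authentication and
    # group checks further down; confirm that only in-dialog requests
    # are expected to take this path
    if (loose_route()) {
        # report a relay failure the same way as the final relay at the
        # end of this route block
        if (!t_relay()) {
            sl_reply_error();
        };
        break;
    };

    /* record-route INVITEs -- all subsequent requests must visit us */
    if (method=="INVITE") {
        record_route();
    };

    # now check if it really is a PSTN destination which should be handled
    # by our gateway; if not, and the request is an invitation, drop it --
    # we cannot terminate it in PSTN; relay non-INVITE requests -- it may
    # be for example BYEs sent by gateway to call originator
    #
    # every URI pattern in this block is anchored with ^ so that it is
    # tested against the start of the request URI and cannot be satisfied
    # by text that merely occurs later in the URI
    if (!uri=~"^sip:\+?[0-9]+@.*") {
        if (method=="INVITE") {
            sl_send_reply("403", "Call cannot be served here");
        } else {
            # NOTE(review): stateless forward to the host named in the
            # request URI, without authentication; confirm this is meant
            # to be reachable by arbitrary senders
            forward(uri:host, uri:port);
        };
        break;
    };

    # account completed transactions via syslog
    setflag(1);

    # free call destinations ... no authentication needed
    # NOTE(review): the third pattern has no "@" after the six digits, so
    # it covers every number that starts with 98 plus four digits; confirm
    # that a prefix match is intended for unauthenticated calls
    if ( is_user_in("Request-URI", "free-pstn") /* free destinations */
        | uri=~"^sip:[79][0-9][0-9][0-9]@.*" /* local PBX */
        | uri=~"^sip:98[0-9][0-9][0-9][0-9]") {
        log("free call");
    } else if (src_ip==192.168.0.10) {
        # our gateway doesn't support digest authentication;
        # verify that a request is coming from it by source
        # address
        # NOTE(review): the source address is the only proof of origin
        # here; this relies on the network dropping packets from other
        # hosts that carry the gateway's address
        log("gateway-originated request");
    } else {
        # in all other cases, we need to check the request against
        # access control lists; first of all, verify request
        # originator's identity

        if (!proxy_authorize( "gateway" /* realm */,
                "subscriber" /* table name */)) {
            # NOTE(review): the challenge is sent without qop, so the
            # client's response carries no cnonce / nonce count; consider
            # enabling qop if every user agent in use supports it
            proxy_challenge( "gateway" /* realm */, "0" /* no qop */ );
            break;
        };

        # authorize only for INVITEs -- RR/Contact may result in weird
        # things showing up in d-uri that would break our logic; our
        # major concern is INVITE which causes PSTN costs

        if (method=="INVITE") {

            # does the authenticated user have a permission for local
            # calls (destinations beginning with a single zero)?
            # (i.e., is he in the "local" group?)
            if (uri=~"^sip:0[1-9][0-9]+@.*") {
                if (!is_user_in("credentials", "local")) {
                    sl_send_reply("403", "No permission for local calls");
                    break;
                };
            # the same for long-distance (destinations begin with two zeros)
            } else if (uri=~"^sip:00[1-9][0-9]+@.*") {
                if (!is_user_in("credentials", "ld")) {
                    sl_send_reply("403", " no permission for LD ");
                    break;
                };
            # the same for international calls (three zeros)
            } else if (uri=~"^sip:000[1-9][0-9]+@.*") {
                if (!is_user_in("credentials", "int")) {
                    sl_send_reply("403", "International permissions needed");
                    break;
                };
            # everything else (e.g., interplanetary calls) is denied
            } else {
                sl_send_reply("403", "Forbidden");
                break;
            };

        }; # INVITE to authorized PSTN

    }; # authorized PSTN

    # if you have passed through all the checks, let your call go to GW!

    rewritehostport("192.168.0.10:5060");

    # forward the request now
    if (!t_relay()) {
        sl_reply_error();
        break;
    };

}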



SER managing a telephony gateway

example: ser configured as PSTN gateway guard; PSTN gateway is located at 192.168.0.10

# $Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $

# ------------------ module loading ----------------------------------

loadmodule "modules/sl/sl.so"
loadmodule "modules/tm/tm.so"
loadmodule "modules/acc/acc.so"
loadmodule "modules/rr/rr.so"
loadmodule "modules/maxfwd/maxfwd.so"
loadmodule "modules/mysql/mysql.so"
loadmodule "modules/auth/auth.so"
loadmodule "modules/auth_db/auth_db.so"
loadmodule "modules/group/group.so"
loadmodule "modules/uri/uri.so"

# ----------------- setting module-specific parameters ---------------

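# NOTE(review): the database URL carries the DB account password inline
# (sample value here); a deployed config file should be readable only by
# the account SER runs under
modparam("auth_db", "db_url","sql://ser:heslo@localhost/ser")
# calculate_ha1=yes makes auth_db compute HA1 from the value stored in
# password_column, i.e. the subscriber table holds plaintext passwords
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")

# -- acc params --
modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one :-)
modparam("acc", "log_flag", 1 )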

# ------------------------- request routing logic -------------------

# main routing logic

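route{

    /* ********* ROUTINE CHECKS ********************************** */

    # filter too old messages
    if (!mf_process_maxfwd_header("10")) {
        log("LOG: Too many hops\n");
        sl_send_reply("483","Too Many Hops");
        break;
    };
    # reject oversized requests before doing any further work on them
    if (len_gt( max_len )) {
        sl_send_reply("513", "Wow — Message too large");
        break;
    };

    /* ********* RR ********************************** */

    /* grant Route routing if route headers present */
    # NOTE(review): this relay happens before the authentication and
    # group checks further down; confirm that only in-dialog requests
    # are expected to take this path
    if (loose_route()) {
        # report a relay failure the same way as the final relay at the
        # end of this route block
        if (!t_relay()) {
            sl_reply_error();
        };
        break;
    };

    /* record-route INVITEs -- all subsequent requests must visit us */
    if (method=="INVITE") {
        record_route();
    };

    # now check if it really is a PSTN destination which should be handled
    # by our gateway; if not, and the request is an invitation, drop it --
    # we cannot terminate it in PSTN; relay non-INVITE requests -- it may
    # be for example BYEs sent by gateway to call originator
    #
    # every URI pattern in this block is anchored with ^ so that it is
    # tested against the start of the request URI and cannot be satisfied
    # by text that merely occurs later in the URI
    if (!uri=~"^sip:\+?[0-9]+@.*") {
        if (method=="INVITE") {
            sl_send_reply("403", "Call cannot be served here");
        } else {
            # NOTE(review): stateless forward to the host named in the
            # request URI, without authentication; confirm this is meant
            # to be reachable by arbitrary senders
            forward(uri:host, uri:port);
        };
        break;
    };

    # account completed transactions via syslog
    setflag(1);

    # free call destinations ... no authentication needed
    # NOTE(review): the third pattern has no "@" after the six digits, so
    # it covers every number that starts with 98 plus four digits; confirm
    # that a prefix match is intended for unauthenticated calls
    if ( is_user_in("Request-URI", "free-pstn") /* free destinations */
        | uri=~"^sip:[79][0-9][0-9][0-9]@.*" /* local PBX */
        | uri=~"^sip:98[0-9][0-9][0-9][0-9]") {
        log("free call");
    } else if (src_ip==192.168.0.10) {
        # our gateway doesn't support digest authentication;
        # verify that a request is coming from it by source
        # address
        # NOTE(review): the source address is the only proof of origin
        # here; this relies on the network dropping packets from other
        # hosts that carry the gateway's address
        log("gateway-originated request");
    } else {
        # in all other cases, we need to check the request against
        # access control lists; first of all, verify request
        # originator's identity

        if (!proxy_authorize( "gateway" /* realm */,
                "subscriber" /* table name */)) {
            # NOTE(review): the challenge is sent without qop, so the
            # client's response carries no cnonce / nonce count; consider
            # enabling qop if every user agent in use supports it
            proxy_challenge( "gateway" /* realm */, "0" /* no qop */ );
            break;
        };

        # authorize only for INVITEs -- RR/Contact may result in weird
        # things showing up in d-uri that would break our logic; our
        # major concern is INVITE which causes PSTN costs

        if (method=="INVITE") {

            # does the authenticated user have a permission for local
            # calls (destinations beginning with a single zero)?
            # (i.e., is he in the "local" group?)
            if (uri=~"^sip:0[1-9][0-9]+@.*") {
                if (!is_user_in("credentials", "local")) {
                    sl_send_reply("403", "No permission for local calls");
                    break;
                };
            # the same for long-distance (destinations begin with two zeros)
            } else if (uri=~"^sip:00[1-9][0-9]+@.*") {
                if (!is_user_in("credentials", "ld")) {
                    sl_send_reply("403", " no permission for LD ");
                    break;
                };
            # the same for international calls (three zeros)
            } else if (uri=~"^sip:000[1-9][0-9]+@.*") {
                if (!is_user_in("credentials", "int")) {
                    sl_send_reply("403", "International permissions needed");
                    break;
                };
            # everything else (e.g., interplanetary calls) is denied
            } else {
                sl_send_reply("403", "Forbidden");
                break;
            };

        }; # INVITE to authorized PSTN

    }; # authorized PSTN

    # if you have passed through all the checks, let your call go to GW!

    rewritehostport("192.168.0.10:5060");

    # forward the request now
    if (!t_relay()) {
        sl_reply_error();
        break;
    };

}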


Created by: oej, Last modification: Wed 21 of Jan, 2004 (21:48 UTC) by dekbh