SER example pstn - VoIP-Info

SER managing a telephony gateway

example: ser configured as PSTN gateway guard; PSTN gateway is located at 192.168.0.10

$Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $

—————— module loading ———————————-

loadmodule “modules/sl/sl.so”
loadmodule “modules/tm/tm.so”
loadmodule “modules/acc/acc.so”
loadmodule “modules/rr/rr.so”
loadmodule “modules/maxfwd/maxfwd.so”
loadmodule “modules/mysql/mysql.so”
loadmodule “modules/auth/auth.so”
loadmodule “modules/auth_db/auth_db.so”
loadmodule “modules/group/group.so”
loadmodule “modules/uri/uri.so”

—————– setting module-specific parameters —————

modparam(“auth_db”, “db_url”,”sql://ser:heslo@localhost/ser”)
modparam(“auth_db”, “calculate_ha1”, yes)
modparam(“auth_db”, “password_column”, “password”)

— acc params —

modparam(“acc”, “log_level”, 1)

that is the flag for which we will account — don’t forget to
set the same one 🙂

modparam(“acc”, “log_flag”, 1 )

————————- request routing logic ——————-

main routing logic

route{

/* ********* ROUTINE CHECKS ********************************** */

filter too old messages

if (!mf_process_maxfwd_header(“10”)) {
log(“LOG: Too many hops\n”);
sl_send_reply(“483″,”Too Many Hops”);
break;
};
if (len_gt( max_len )) {
sl_send_reply(“513”, “Wow — Message too large”);
break;
};

/* ********* RR ********************************** */

/* grant Route routing if route headers present */
if (loose_route()) { t_relay(); break; };

/* record-route INVITEs — all subsequent requests must visit us */
if (method==”INVITE”) {
record_route();
};

now check if it really is a PSTN destination which should be handled
by our gateway; if not, and the request is an invitation, drop it —
we cannot terminate it in PSTN; relay non-INVITE requests — it may
be for example BYEs sent by gateway to call originator

if (!uri=~”sip:\+?[0-9]+@.*”) {
if (method==”INVITE”) {
sl_send_reply(“403”, “Call cannot be served here”);
} else {
forward(uri:host, uri:port);
};
break;
};

account completed transactions via syslog

setflag(1);

free call destinations … no authentication needed

if ( is_user_in(“Request-URI”, “free-pstn”) /* free destinations */
| uri=~”sip:[79][0-9][0-9][0-9]@.*” /* local PBX */
| uri=~”sip:98[0-9][0-9][0-9][0-9]”) {
log(“free call”);
} else if (src_ip==192.168.0.10) {

our gateway doesn’t support digest authentication;
verify that a request is coming from it by source
address

log(“gateway-originated request”);
} else {

in all other cases, we need to check the request against
access control lists; first of all, verify request
originator’s identity

if (!proxy_authorize( “gateway” /* realm */,
“subscriber” /* table name */)) {
proxy_challenge( “gateway” /* realm */, “0” /* no qop */ );
break;
};

authorize only for INVITEs — RR/Contact may result in weird
things showing up in d-uri that would break our logic; our
major concern is INVITE which causes PSTN costs

if (method==”INVITE”) {

does the authenticated user have a permission for local
calls (destinations beginning with a single zero)?
(i.e., is he in the “local” group?)

if (uri=~”sip:0[1-9][0-9]+@.*”) {
if (!is_user_in(“credentials”, “local”)) {
sl_send_reply(“403”, “No permission for local calls”);
break;
};

the same for long-distance (destinations begin with two zeros”)

} else if (uri=~”sip:00[1-9][0-9]+@.*”) {
if (!is_user_in(“credentials”, “ld”)) {
sl_send_reply(“403″, ” no permission for LD “);
break;
};

the same for international calls (three zeros)

} else if (uri=~”sip:000[1-9][0-9]+@.*”) {
if (!is_user_in(“credentials”, “int”)) {
sl_send_reply(“403”, “International permissions needed”);
break;
};

everything else (e.g., interplanetary calls) is denied

} else {
sl_send_reply(“403”, “Forbidden”);
break;
};

}; # INVITE to authorized PSTN

}; # authorized PSTN

if you have passed through all the checks, let your call go to GW!

rewritehostport(“192.168.0.10:5060”);

forward the request now

if (!t_relay()) {
sl_reply_error();
break;
};

}

SER managing a telephony gateway

See also

Related Posts: