def ksr_route_registrar(self, msg): if not KSR.is_REGISTER(): return 1 if KSR.isflagset(FLT_NATS): KSR.setbflag(FLB_NATB) # do SIP NAT pinging KSR.setbflag(FLB_NATSIPPING) if KSR.registrar.save("location", 0) < 0: KSR.sl.sl_reply_error() return -255
def ksr_route_registrar(self, msg): if KSR.pv.get("$rm") != "REGISTER" : return 1; if KSR.isflagset(FLT_NATS) : KSR.setbflag(FLB_NATB); # do SIP NAT pinging KSR.setbflag(FLB_NATSIPPING); if KSR.registrar.save("location", 0)<0 : KSR.sl.sl_reply_error(); return -255;
def ksr_route_async_REGISTER(self, msg): if KSR.isflagset(self.FLAGS['FLT_NATS']): KSR.setbflag(self.FLAGS['FLB_NATB']) # do SIP NAT pinging KSR.setbflag(self.FLAGS['FLB_NATSIPPING']) if KSR.registrar.save("location", 0) < 0: KSR.xlog.xerr("Cant store AoR") KSR.sl.sl_reply_error() else: # Фильтруем УДАЧНЫЕ регистрации на предмет необходимости уведомлений self.check_registration_uri() return -255
def ksr_route_natmanage(self): if (KSR.siputils.is_request() > 0): if (KSR.siputils.has_totag() > 0) and (KSR.rr.check_route_param("nat=yes") > 0): KSR.setbflag(self.FLAGS['FLB_NATB']) elif (KSR.tmx.t_is_branch_route() > 0): if KSR.isdsturiset() and self.is_ip_internal(KSR.pv.getw("$dd")): KSR.xlog.xnotice("In DURI domain $dd is RFC1918. Mark for NAT") KSR.setbflag(self.FLAGS['FLB_NATB']) if self.is_ip_internal(KSR.pv.getw("$rd")): KSR.xlog.xnotice("In RURI domain $rd is RFC1918. Mark for NAT") KSR.setbflag(self.FLAGS['FLB_NATB']) if (KSR.siputils.is_reply() > 0): if (KSR.siputils.has_totag() > 0): KSR.setbflag(self.FLAGS['FLB_NATB']) elif (KSR.textops.has_body() > 0): if KSR.textops.search_body("127.0.0.2") > 0: # Патчим 200 ответы от астериска KSR.setbflag(self.FLAGS['FLB_NATB']) elif KSR.nathelper.nat_uac_test(9) > 0: KSR.setbflag(self.FLAGS['FLB_NATB']) if not (KSR.isflagset(self.FLAGS['FLT_NATS']) or KSR.isbflagset(self.FLAGS['FLB_NATB'])): return 1 if (KSR.textops.has_body() > 0) or KSR.is_method("BYE|CANCEL") or (KSR.siputils.is_reply() > 0 and 300 <= KSR.pv.getw("$rs") <= 399): rtpengine_lp = "loop-protect " if self.GLOBALS['WITH_LOOPPROTECT_PATCH'] and (KSR.siputils.is_reply() > 0) and (KSR.textops.has_body() > 0) and (KSR.textops.search_body("a=rtpengine") > 0): KSR.xlog.xnotice("Client return looprotect param. Check SDP for our rtprngine IP " + self.GLOBALS['DEFINE_RTPENGINE_IP']) KSR.sdpops.sdp_get_line_startswith("$avp(cline)", "c=") KSR.sdpops.sdp_get_line_startswith("$avp(oline)", "o=") if not (self.GLOBALS['DEFINE_RTPENGINE_IP'] in KSR.pv.getw("$avp(cline)") or self.GLOBALS['DEFINE_RTPENGINE_IP'] in KSR.pv.getw("$avp(oline)")): KSR.xlog.xalert("In c/o param not found our rtprngine IP {}. Try to remove loop protect param for calls".format(self.GLOBALS['DEFINE_RTPENGINE_IP'])) KSR.sdpops.remove_line_by_prefix("a=rtpengine", "") if (KSR.tmx.t_is_request_route() > 0) or (KSR.tmx.t_is_reply_route() > 0): KSR.textopsx.msg_apply_changes() # Сбрасываем флаг - IP адреса чужие, а клиент вернул # нашу защиту от петли в rtpengine rtpengine_lp = "" # Проверяем - необходимо пропустить через RTPProxy SDP? # 8 - The SDP is searched for occurrence of RFC1918 or RFC6598 addresses # 'c' = replace-session-connection # 'o' = replace-origin # trust-address (flag 'r' in rtpproxy) enabled by default. To disable it need to use # SIP-source-address - opposite for trust-address flag if KSR.nathelper.is_rfc1918("$rd") and KSR.pv.getw("$rd") != "127.0.0.1" and KSR.pv.getw("$rd") != "<null>" and KSR.pv.getw("$rd") != ""sip_dns"" and KSR.pv.getw("$rd") != "10.5.26.236" and KSR.pv.getw("$tU") != "location": KSR.rtpengine.rtpengine_manage(rtpengine_lp + "replace-session-connection external internal replace-origin SIP-source-address to-tag") else: KSR.rtpengine.rtpengine_manage(rtpengine_lp + "replace-session-connection external external replace-origin SIP-source-address to-tag") if KSR.pv.getw("$rc") < 0: KSR.xlog.xalert("Calling rtpengine_manage() cause troubles!")
def ksr_route_natmanage(self, msg): if KSR.siputils.is_request()>0 : if KSR.siputils.has_totag()>0 : if KSR.rr.check_route_param("nat=yes")>0 : KSR.setbflag(FLB_NATB); if (not (KSR.isflagset(FLT_NATS) or KSR.isbflagset(FLB_NATB))) : return 1; KSR.rtpproxy.rtpproxy_manage("co"); if KSR.siputils.is_request()>0 : if not KSR.siputils.has_totag() : if KSR.tmx.t_is_branch_route()>0 : KSR.rr.add_rr_param(";nat=yes"); if KSR.siputils.is_reply()>0 : if KSR.isbflagset(FLB_NATB) : KSR.nathelper.set_contact_alias(); return 1;
def ksr_route_relay(self): KSR.nathelper.handle_ruri_alias() # enable additional event routes for forwarded requests # - serial forking, RTP relaying handling, a.s.o. if KSR.is_method("INVITE|BYE|SUBSCRIBE|UPDATE") and (KSR.tm.t_is_set("branch_route") < 0): KSR.tm.t_on_branch("ksr_branch_manage") #if KSR.is_method("INVITE|BYE|SUBSCRIBE|UPDATE") and (KSR.tm.t_is_set("onreply_route") < 0): # KSR.tm.t_on_reply("ksr_onreply_manage") if KSR.is_INVITE() and (KSR.tm.t_is_set("failure_route") < 0): KSR.tm.t_on_failure("ksr_failure_manage") if KSR.isflagset(self.FLAGS['FLT_FROM_ASTERISK']): KSR.textops.remove_hf_re("^X-") if KSR.tm.t_relay() < 0: KSR.xlog.xerr("Cant relay request. Send error.") KSR.sl.sl_reply_error() return -255 else: return 1
def ksr_route_async_auth(self, msg): furi = KSR.pv.getw("$fu") ruri = KSR.pv.getw("$ru") if KSR.is_INVITE(): KSR.xlog.xnotice("Do auth procedure for {} from {}:{}".format( ruri, furi, KSR.pv.getw("$si"))) if KSR.auth_db.is_subscriber(furi, "subscriber", 2) > 0 and not KSR.isflagset( self.FLAGS['FLT_SKIP_AUTH']): if not KSR.is_REGISTER(): KSR.xlog.xinfo("Request from local subscriber") KSR.setflag(self.FLAGS['FLT_FROM_SUBSCRIBER']) if KSR.auth_db.is_subscriber(ruri, "subscriber", 2) > 0: if not KSR.is_REGISTER(): KSR.xlog.xinfo("Request to local subscriber") KSR.setflag(self.FLAGS['FLT_TO_SUBSCRIBER']) if KSR.isflagset(self.FLAGS['FLT_FROM_SUBSCRIBER']): if not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']): res = KSR.auth_db.auth_check(KSR.pv.getw("$fd"), "subscriber", 1) if res < 0: if res == -2: # -2 Wrong passworg KSR.xlog.xnotice("Wrong password. From:$fU Auth user:$au") KSR.sl.sl_send_reply(403, "You're not welcome here") if KSR.is_REGISTER(): self.send_registration_info_to_redis( 'False', time.time()) else: KSR.auth.auth_challenge(KSR.pv.getw("$fd"), 0) return -255 else: if KSR.is_REGISTER(): self.send_registration_info_to_redis('True', time.time()) # user authenticated - remove auth header # if not KSR.is_method("REGISTER,PUBLISH") : KSR.auth.consume_credentials() elif not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']): # Отпинываем нелокальных абонентов KSR.sl.send_reply(406, "Not acceptable") return -255 if not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']): # if caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (not KSR.is_myself(furi) and (not KSR.is_myself(ruri))): KSR.sl.sl_send_reply(403, "Not relaying") return -255 # authentication not enabled - do not relay at all to foreign networks if not KSR.is_myself(ruri): KSR.sl.sl_send_reply(403, "Not relaying") return -255 # Jump from async route, based on processing SIP method if self.GLOBALS['WITH_ASYNC_FRAMEWORK']: KSR.asynk.task_route('ksr_route_async_' + KSR.pv.getw("$rm")) else: # lambda will generate 500 error if something went wrong getattr(self, 'ksr_route_async_' + KSR.pv.getw("$rm"), lambda: -255)(msg) return -255
def ksr_route_async_INVITE(self, msg): if KSR.hdr.is_present("UUID") < 0: uuid = KSR.pv.getw("$uuid(g)") KSR.xlog.xinfo( "Add hdr UUID: {}. Call from $fU@$fd:$si to $rU".format(uuid)) KSR.hdr.append("UUID: {}\r\n".format(uuid)) else: uuid = KSR.pv.getw("$hdr(UUID)") self.store_uuid(KSR.pv.getw("$ci"), uuid) self.manage_call_status(KSR.pv.getw("$fU"), 'put') if KSR.isflagset(self.FLAGS['FLT_FROM_ASTERISK']): if KSR.hdr.is_present("X-Kamailio-URI") > 0: KSR.hdr.append("X-Kamailio-Timestamp: {}\r\n".format(time.time())) if KSR.hdr.is_present("X-URI-Type") < 0: # Для звонков на aor/location/handset через RUser uri_type = KSR.pv.getw("$rU") else: uri_type = KSR.pv.getvs("$hdr(X-URI-Type)", "location") KSR.seturi( re.sub(r"(^<|>$)", "", KSR.pv.getw("$hdr(X-Kamailio-URI)"))) if uri_type == "location": if self.ksr_x_route_location() == -255: return -255 elif uri_type == "handset": KSR.xlog.xwarn( "Call to handset. Replace TURI with RURI:{}".format( KSR.pv.getw("$ru"))) KSR.uac.uac_replace_to_uri(KSR.pv.getw("$ru")) else: if KSR.nathelper.handle_ruri_alias() > 0: KSR.xlog.xnotice( "Handling RURI alias. DURI:$du RURI:$ru from $fU") else: KSR.xlog.xnotice("From asterisk returned Unknow number. Drop it") KSR.sl.sl_send_reply(404, "Not here") return -255 elif KSR.isflagset(self.FLAGS['FLT_FROM_GW']): r = redis.StrictRedis(host='127.0.0.1', port=6379, db=12, decode_responses=True) domophone_name = r.get(KSR.pv.getw("$tU")) if domophone_name: KSR.seturi('sip:' + str(domophone_name) + '@televoip.is74.ru:7777') KSR.xlog.xinfo( "call from gw to domophone {}".format(domophone_name)) if self.ksr_x_route_location() == -255: KSR.xlog.xerr("Lookup location error") return -255 else: KSR.sl.sl_send_reply(404, "user not found") KSR.xlog.xinfo("domophone for call from gw not found") return -255 elif not KSR.isflagset( self.FLAGS['FLT_TO_SUBSCRIBER']): # проверяем наличие флага if not self.ksr_special_routing(KSR.pv.getw("$rU")): # Re-route to asterisk KSR.dispatcher.ds_select_dst(self.DSIDS['MEDIASERVERS'], 4) KSR.setbflag(self.FLAGS['FLB_NATB']) KSR.xlog.xinfo("Unknown number. Send to Asterisk:$du") elif KSR.isflagset(self.FLAGS['FLT_FROM_SUBSCRIBER']) and KSR.isflagset( self.FLAGS['FLT_TO_SUBSCRIBER']): if KSR.pv.getw("$fU") == self.GLOBALS.get('TEST_ACCAUNT', False): KSR.xlog.xnotice("Direct call from test accaunt $fU to $rU") if self.ksr_x_route_location() == -255: KSR.xlog.xerr("Lookup location error") return -255 else: # Лучше по максимуму сузить маску для дропа KSR.xlog.xwarn( "Old LOGIC (dropping request)::Requested user $rU from $fU:$si" ) KSR.sl.sl_send_reply(403, "Forbidden direct call to user") KSR.set_drop() return -255 KSR.rr.record_route() if self.ksr_route_relay() == -255: return -255 return 1